Hackers Demand $3M from Scandinavian Airlines (SAS)

June 23, 2023


The hacker group "Anonymous Sudan" has made an unexpected demand of $3 million from Scandinavian Airlines (SAS) in order to halt distributed denial-of-service attacks (DDoS) that have been targeting the airline's websites since February. Despite initially presenting themselves as politically-motivated hacktivists, the group appears to be resorting to using extortion tactics for financial gain.

On Monday, 29 May, Anonymous Sudan shared a ransom note on its Telegram channel claiming that SAS and its services have been paralyzed for more than five days. The company has responded to user complaints on Facebook, acknowledging an issue with its website and assuring customers that SAS is "working to resolve it quickly." SAS did not respond to The Record’s inquiries.

Meanwhile, Anonymous Sudan continues to escalate their demands, raising their initial price from $3,500 to a staggering $3 million. Anonymous Sudan first began targeting SAS in February, knocking its website offline and exposing some user data. Some customers who attempted to log in to the SAS mobile app were sent to others’ accounts and had access to their contact information and itineraries. The group blamed the burning of a Quran during demonstrations in January protests in Stockholm for motivating the attacks.

Anonymous Sudan followed up the incident with cyberattacks on Sweden’s national public television broadcaster, German airports, Danish hospitals, as well as Israeli banks, news websites, and, most recently, a missile warning system.

Incident Date

May 24, 2023



Estimated Cost

Ransom raised from $3,500 to $3 million.

Type of Malware

No Malware identified

Threat Source