Anonymous Sudan Explained

Anonymous Sudan is a hacker group that has been active since mid-January 2023 and believed to have originated from Russia with no links to Sudan or Anonymous.[1] They have launched a variety of distributed denial-of-service (DDoS) attacks against targets.

Origins and identity

Despite the name, there is no proven link between Anonymous Sudan and the country of Sudan.[2] The group surfaced as a Russian-speaking Telegram channel in mid-January.[3] Some experts,[4] including cybersecurity company CyberCX,[5] believe the group originates from or is supported by Russia. The group is also not linked to Anonymous.[6]

Targets and motives

Anonymous Sudan claims to target countries and organizations engaging in self-described "anti-Muslim activity". The group claims to be anti-Zionist[7] and pro-Islam.[8] [9] However, they have also collaborated with pro-Russian attack groups like Killnet,[10] and their attacks seem to align with a pro-Russian agenda.

As a response to the International Committee of the Red Cross rules of engagement for civilian hackers, a representative of Anonymous Sudan said these rules were "not viable and that breaking them for the group's cause is unavoidable".[11]

Attacks

Anonymous Sudan has launched a variety of distributed denial-of-service (DDoS) attacks against targets in Sweden, Denmark,[12] the US,[13] Australia,[14] and other countries. Their victims include Cloudflare,[15] Associated Press,[16] Netflix,[17] [18] and PayPal,[19] among others. Anonymous Sudan has successfully disrupted the website of Scandinavian Airlines (SAS)[20] and even took down Microsoft 365 software suite,[21] including Teams and Outlook. They also took Twitter (now known as X) offline in more than a dozen countries to pressure Elon Musk to enable Starlink service for Sudan.[22] [23] According to the Cyberint Research Team, the group launched 670 attacks in their first 6 months of activity.[24]

On 8 June 2023, Anonymous Sudan claimed responsibility for a DDoS attack on Azure portal which caused an outage of this and other Microsoft cloud services between ~15 UTC and ~17:30 UTC.[25]

During the War in Sudan between the Sudanese Armed Forces (SAF) and Rapid Support Forces (RSF), Anonymous Sudan launched cyberattacks on the Kenyan government and private websites in the last week of July 2023, in retaliation for the country's support of the RSF.[26] [27] In January and February 2024, Anonymous Sudan claimed to have disabled all internet services in Chad[28] and Djibouti, respectively, as part of a cyberattack to protest the country's relations with the RSF.[29] The group continued attacking Intergovernmental Authority on Development (IGAD) countries[30] (including Uganda in February) due to their backing of the RSF.[31] The group also attacked the United Arab Emirates, a major supporter of the RSF.[32]

On 10 July 2023, Anonymous Sudan attacked fanfiction site Archive of Our Own with a denial-of-service attack. Anonymous Sudan claimed responsibility in a Telegram post, saying the act was motivated by the website's United States registration and its inclusion of sexual and LGBT content.[33] [34] The group then demanded $30,000 worth of Bitcoin within 24 hours to end the attack. The site came back online the next day with Cloudflare protection added.[35]

During the Israel–Hamas war, media teams operating in the region have been exposed to various kinds of cyberattack. The Jerusalem Post website went down on 9 October 2023, with Anonymous Sudan claiming responsibility. The Palestinian Authority news agency Wafa also experienced a cyberattack on 18 October 2023, as did Al-Jazeera English on 31 October 2023 and Al-Mamlaka TV on 3 November 2023.[36] In November 2023, the group targeted Israel infrastructure.[37] [38]

In December 2023, Anonymous Sudan launched a DDoS attack on ChatGPT[39] [40] [41] after Tal Broda, a member of OpenAI's leadership, made a social media post dehumanizing Palestinians, calling for more intense bombing in Gaza, and advocating ethnic cleansing.[42] [43]

In January 2024, Anonymous Sudan failed to hack the London Internet Exchange in response to the UK's missile strikes in Yemen.[44]

The group targeted systems at the University of Cambridge and the University of Manchester on 19 February 2024, citing the United Kingdom's support for Israel in the Israel–Hamas War, and targeting these specific universities "because they are the biggest ones" they could find. Disruption was largely over by 20 February though some systems were still affected.[45]

Notes and References

  1. Web site: Petkauskas . Vilius . 2023-06-23 . Anonymous Sudan: neither anonymous nor Sudanese . CyberNews.
  2. Web site: What is Anonymous Sudan? . Cloudflare.
  3. Web site: Anonymous Sudan NETSCOUT . 2024-02-14 . www.netscout.com . en.
  4. Web site: 'Hactivists' who targeted Microsoft claim they're working for Sudan . 2024-02-14 . Fortune Europe . en.
  5. News: Taylor . Josh . 19 June 2023 . Hackers behind Microsoft outage most likely Russian-backed group aiming to 'drive division' in the west . 11 July 2023 . The Guardian . en-GB . 0261-3077.
  6. Web site: Shah . Saqib . 2023-08-29 . Hacker group behind Twitter outage mocks Elon Musk's rebrand . 2024-02-14 . Evening Standard . en.
  7. Web site: London internet attack highlights confusing hacktivism movement . 2024-02-14 . CSO Online . en.
  8. Web site: Desk . Cyber . 2023-11-27 . Anonymous Sudan: Pro-Islamic Hacker Group Engages in Cryptocurrency Donation Campaign . 2024-02-14 . ICT . en-US.
  9. News: 2023-05-14 . Posing as Islamists, Russian Hackers Take Aim at Sweden . 2024-02-14 . Bloomberg.com . en.
  10. 2023 . Anonymous Sudan and Killnet Factor in the Russia-Ukraine War in the Context of Cyber Security . Future Human Image . English . 19 . 34–40 . 2311-8822.
  11. News: Tidy . Joe . 2023-10-04 . Rules of engagement issued to hacktivists after chaos . 2023-10-15 . BBC News.
  12. Web site: 2023-11-29 . LockBit, Anonymous Sudan Attacks and More . 2024-02-14 . GlobalSign . en.
  13. Web site: 2023-07-21 . Anonymous Sudan's DDoS attacks against US targets . 2024-02-14 . InCyber . en-GB.
  14. Web site: 2023-06-19 . Who is 'Anonymous Sudan'? . 2024-02-14 . ABC listen . en-AU.
  15. Web site: Staff . S. C. . 2023-11-13 . Anonymous Sudan DDoS attack hits Cloudflare website . 2024-02-14 . SC Media . en.
  16. Web site: 2023-11-01 . AP cyberattack: Has Anonymous Sudan hit Associated Press? . 2024-02-14 . en-US.
  17. Web site: 2023-10-02 . Netflix impacted by Anonymous Sudan DDoS attack . Media.
  18. Web site: Culture . Shannon Power Pop . Reporter . Entertainment . 2023-09-29 . Netflix taken down by hackers over LGBTQ+ content . 2024-02-14 . Newsweek . en.
  19. Web site: 2023-07-17 . Anonymous Sudan claims successful DDoS cyberattack on PayPal . 2024-02-14 . en-US.
  20. Web site: Staff . S. C. . 2023-06-01 . Scandinavian Airlines receives $3M demand to cease Anonymous Sudan DDoS attacks . 2024-02-14 . SC Media . en.
  21. News: Taylor . Josh . 2023-06-19 . Hackers behind Microsoft outage most likely Russian-backed group aiming to 'drive division' in the west . 2024-02-14 . The Guardian . en-GB . 0261-3077.
  22. News: 2023-08-31 . Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink . 2024-02-13 . BBC News . en-GB.
  23. News: Farmer . Ben . 2023-08-31 . Hackers shut down Twitter putting Musk under pressure to extend Starlink internet service to Sudan . 2024-02-14 . The Telegraph . en-GB . 0307-1235.
  24. Web site: Anonymous Sudan Launches Cyberattack on Chad Telco . 2024-02-14 . www.darkreading.com . en.
  25. Web site: Azure status history Microsoft Azure . 2024-02-13 . azure.status.microsoft.
  26. Web site: 31 July 2023 . Sudan hackers target Kenyan govt websites . live . https://web.archive.org/web/20230730193414/https://www.dabangasudan.org/en/all-news/article/sudan-hackers-target-kenyan-govt-websites . 30 July 2023 . 31 July 2023 . Radio Dabanga.
  27. News: 2023-07-28 . Kenya cyber-attack: Why is eCitizen down? . 2024-02-14 . en-GB.
  28. Web site: Anonymous Sudan Launches Cyberattack on Chad Telco . 2024-02-14 . www.darkreading.com . en.
  29. Web site: 6 February 2024 . Anonymous Sudan hacks IGAD countries over alleged RSF support . 7 February 2024 . Sudan Tribune . en.
  30. Web site: SudanTribune . 2024-02-07 . Anonymous Sudan hacks IGAD countries over alleged RSF support . 2024-02-14 . Sudan Tribune . en-US.
  31. Web site: Kwinika . Savious Parker . 2024-02-09 . Anonymous Sudan attacks again, this time in Uganda . 2024-02-14 . ITWeb Africa . en-ZA.
  32. Web site: 2024-02-02 . Anonymous Sudan claims responsibility for cyber attacks on UAE entities Digital Watch Observatory . 2024-02-14 . en-US.
  33. Web site: Hollingworth . David . 11 July 2023 . Fanfic Writers Targeted by Anonymous Sudan in Apparent DDOS Attack on AO3 . 11 July 2023 . Cyber Security Connect.
  34. Web site: Diaz . Ana . 10 July 2023 . Archive of Our Own is down due to a DDoS attack . 11 July 2023 . Polygon.
  35. Web site: Weatherbed . Jess . 11 July 2023 . The massive fanfic archive AO3 is back after a wave of DDoS attacks . 11 July 2023 . The Verge.
  36. Web site: Attacks, arrests, threats, censorship: The high risks of reporting the Israel-Gaza war . live . https://web.archive.org/web/20231113122417/https://cpj.org/2023/11/attacks-arrests-threats-censorship-the-high-risks-of-reporting-the-israel-hamas-war/ . 2023-11-13 . 2023-11-13 . Committee to Protect Journalists.
  37. Web site: Anonymous Sudan Targets Israel's Critical Infrastructure – Westoahu Cybersecurity . 2024-02-14 . en-US.
  38. Web site: 2023-10-15 . How hackers piled onto the Israeli-Hamas conflict . 2024-02-14 . POLITICO . en.
  39. Web site: Jain . Samiksha . 15 Dec 2023 . Anonymous Sudan Targets OpenAI Again, Demands Firing of Research Head . https://archive.today/20231217202929/https://thecyberexpress.com/anonymous-sudan-openai-cyberattack/ . 17 December 2023 . The Cyber Express.
  40. Web site: Sharma . Aakash . 19 Dec 2023 . 'Will target ChatGPT until it stops dehumanizing Palestinians': Hackers on outage . https://archive.today/20231228152205/https://www.indiatoday.in/world/story/chatgpt-outage-cyberattackers-accuses-open-ai-tool-of-bias-amid-israel-hamas-war-2477825-2023-12-19 . 28 December 2023 . . Delhi.
  41. Web site: Winder . Davey . ChatGPT Down As Anonymous Sudan Hackers Claim Responsibility . 2024-02-14 . Forbes . en.
  42. Web site: Sabin . Sam . Anonymous Sudan hacking group sets sights on ChatGPT . 14 January 2024 . Axios.
  43. Web site: Varanasi . Lakshmi . 15 Dec 2023 . Hackers behind recent ChatGPT outage say they'll target the AI bot until it stops 'dehumanizing' Palestinians . https://archive.today/20231217123539/https://www.businessinsider.com/hackers-behind-chatgpt-outage-bot-must-stop-dehumanizing-palestinians-2023-12?IR=T . 17 December 2023 . Business Insider.
  44. Web site: Anonymous Sudan claims cyberattack on London Internet Exchange in response to UK's Yemen strikes . 2024-02-14 . teiss . En.
  45. Web site: Jack . Patrick . 2024-02-20 . UK universities targeted by cyberattack . 2024-02-22 . . en.