Anonymous Sudan

Anonymous Sudan
Founded: January 2023
Type: Hacker group
Purpose: Conducting DDoS attacks, targeting perceived anti-Muslim activities
Methods: Cyberattacks, DDoS attacks
Key people:
  • Ahmed Salah Yusuuf Omer
  • Alaa Salah Yusuuf Omer

Anonymous Sudan is a criminal hacker group that has been active since mid-January 2023. They are alleged to have committed over 35,000 distributed denial-of-service (DDoS) attacks against entire small countries, government agencies, universities, newspapers, hospitals and LGBT sites. While they claim to be doing it for pro-Palestinian ideological reasons, they have attempted to extort money from victims.

According to a US federal grand jury indictment unsealed in October 2024, two Sudanese brothers, Ahmed Omer and Alaa Omer, were arrested and charged in March 2024 with operating and controlling Anonymous Sudan. The US Department of Justice and FBI seized and disabled the group's DDoS tools and infrastructure at that time. [1] [2] [3] [4] Contrary to its name, the group has no known links to the hacker collective Anonymous. [5] Some analysts believe it may have originated in Russia. [5] [6]

Origins and identity

Despite its name, the group surfaced as a Russian-speaking Telegram channel in mid-January 2023. [7] Some experts, [8] including the cybersecurity company CyberCX, [6] believe the group originates from or is supported by Russia. [5] The group is not linked to Anonymous. [5] [9]

Key people

Ahmed and Alaa Salah Yusuuf Omer are accused of running Anonymous Sudan. [4] On 16 October 2024, a federal grand jury in California indicted both brothers for their alleged roles in operating the cybercriminal organization. [2] [10] The charges include conspiracy to damage protected computers, with Ahmed facing additional counts for damaging protected computers.

Targets and motives

Anonymous Sudan claims to target countries and organizations engaging in purported "anti-Muslim activity". [11] The group claims to be anti-Zionist, [12] as well as pro-Islam; [13] [14] however, they have also collaborated with pro-Russian attack groups like Killnet, [15] and their attacks seem to align with a pro-Russian agenda. [5] As a response to the International Committee of the Red Cross rules of engagement for civilian hackers, a representative of Anonymous Sudan said these rules were "not viable and that breaking them for the group's cause is unavoidable". [16]

According to the cybersecurity firm Radware, the hacker group SN_BLACKMETA, which claims responsibility for two attacks on the Internet Archive in 2024 [17] [18] and claims pro-Palestinian motives, may be linked to Anonymous Sudan because of similarities in their operations, target choices, and rhetoric. Radware researchers suggested that the letters "SN" could stand for "Sudan". [19] According to a German source, SN_BLACKMETA is a Russian hacker group from the region around the Russian city of Veliky Novgorod, southeast of Saint Petersburg, and claims to have no state sponsorship. [20]

Attacks

Anonymous Sudan has launched a variety of DDoS attacks against targets in Sweden, Denmark, [21] the US, [22] Australia, [23] and other countries. [11] Their victims include Cloudflare, [24] the Associated Press, [25] Netflix, [26] [27] and PayPal, [28] among others. Anonymous Sudan has disrupted the website of Scandinavian Airlines (SAS) [29] and took down the Microsoft 365 software suite, [6] including Teams and Outlook. [11] They also took Twitter (now known as X) offline in more than a dozen countries to pressure Elon Musk to enable Starlink service for Sudan. [30] [9] [31] According to the Cyberint Research Team, the group launched 670 attacks in its first six months of activity. [32] On 8 June 2023, Anonymous Sudan claimed responsibility for a DDoS attack on the Azure portal, which caused an outage of the portal and other Microsoft cloud services between roughly 15:00 UTC and 17:30 UTC. [33]

During the ongoing civil war in Sudan between the Sudanese Armed Forces (SAF) and the Rapid Support Forces (RSF), Anonymous Sudan launched cyberattacks on Kenyan government and private websites in the last week of July 2023, in retaliation for the country's support of the RSF. [34] [35] In January and February 2024, Anonymous Sudan claimed to have disabled all internet services in Chad and Djibouti, respectively, as part of cyberattacks protesting each country's relations with the RSF. [32] [36] The group continued attacking Intergovernmental Authority on Development (IGAD) countries, [36] including Uganda in February, over their backing of the RSF. [37] The group also attacked the United Arab Emirates, a major supporter of the RSF. [38]

On 10 July 2023, Anonymous Sudan attacked fanfiction site Archive of Our Own with a denial-of-service attack. Anonymous Sudan claimed responsibility in a Telegram post, saying the act was motivated by the website's United States registration and its inclusion of sexual and LGBT content. [39] [40] The group then demanded $30,000 worth of Bitcoin within 24 hours to end the attack. [39] [40] The site came back online the next day with Cloudflare protection added. [41]

During the Israel–Hamas war, media teams operating in the region have been exposed to various kinds of cyberattack. The Jerusalem Post website went down on 9 October 2023, with Anonymous Sudan claiming responsibility. The Palestinian Authority news agency Wafa also experienced a cyberattack on 18 October 2023, as did Al-Jazeera English on 31 October 2023 and Al-Mamlaka TV on 3 November 2023. [42] In November 2023, the group targeted Israeli infrastructure. [43] [44] In December 2023, Anonymous Sudan launched a DDoS attack on ChatGPT, [45] [46] [47] after Tal Broda, a member of OpenAI's leadership, made a social media post dehumanizing Palestinians, calling for more intense bombing in Gaza, and advocating ethnic cleansing. [48] [49]

In January 2024, Anonymous Sudan failed to hack the London Internet Exchange in response to the UK's missile strikes in Yemen. [12] [50] The group targeted systems at the University of Cambridge and the University of Manchester on 19 February 2024, citing the United Kingdom's support for Israel in the Israel–Hamas war, and said it chose these specific universities "because they are the biggest ones" it could find. Disruption was largely over by 20 February, though some systems were still affected. [51]

Anonymous Sudan forced the closure of the emergency department at Cedars-Sinai Medical Center in California for approximately eight hours, redirecting incoming patients to other medical facilities. The total damages incurred as a result of these attacks were estimated to exceed $10 million. [52]

In October 2024, an indictment by a US federal grand jury in the Central District of California was unsealed, detailing the March 2024 indictment, arrest, and charging of two Sudanese brothers, Ahmed Salah Yusuuf Omer, 22, and Alaa Salah Yusuuf Omer, 27, for their alleged involvement in operating and controlling the cybercriminal group Anonymous Sudan. [4] They are charged with one count of conspiracy to damage protected computers, with Ahmed facing three additional counts of damaging protected computers. The indictment claims that the group was responsible for tens of thousands of DDoS attacks against critical infrastructure, corporate networks, and government agencies both in the United States and around the world. [53]

In March 2024, the US Department of Justice and FBI seized and disabled Anonymous Sudan's Distributed Cloud Attack Tool (DCAT), which had been used to conduct these cyberattacks. Over a one-year period, the tool was reportedly employed in more than 35,000 DDoS attacks, impacting high-profile targets including the U.S. Department of Justice, the Department of Defense, and Cedars-Sinai Medical Center in Los Angeles. [54]

If convicted, Ahmed faces a potential maximum sentence of life in federal prison, while Alaa could face up to five years. [52]

References

  1. Krebs, Brian. "Sudanese brothers arrested in 'AnonSudan' takedown". KrebsOnSecurity. Retrieved 19 October 2024.
  2. Sganga, Nicole (16 October 2024). "2 Sudanese brothers charged with running cyberattack-for-hire gang". CBS News. Retrieved 17 October 2024.
  3. Menn, Joseph (16 October 2024). "U.S. charges Sudanese men with running powerful cyberattack-for-hire gang". Washington Post. ISSN 0190-8286. Retrieved 17 October 2024.
  4. "Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World". US Department of Justice, U.S. Attorney's Office, Central District of California. Retrieved 19 October 2024.
  5. Petkauskas, Vilius (23 June 2023). "Anonymous Sudan: neither anonymous nor Sudanese". CyberNews.
  6. Taylor, Josh (19 June 2023). "Hackers behind Microsoft outage most likely Russian-backed group aiming to 'drive division' in the west". The Guardian. ISSN 0261-3077. Retrieved 11 July 2023.
  7. "Anonymous Sudan". NETSCOUT. Retrieved 14 February 2024.
  8. "'Hactivists' who targeted Microsoft claim they're working for Sudan". Fortune Europe. Retrieved 14 February 2024.
  9. Shah, Saqib (29 August 2023). "Hacker group behind Twitter outage mocks Elon Musk's rebrand". Evening Standard. Retrieved 14 February 2024.
  10. Bestari, Novina Putri. "Internet Lumpuh Gara-gara Ulah Kakak Beradik, Nasibnya Tragis". CNBC Indonesia (in Indonesian). Retrieved 17 October 2024.
  11. "What is Anonymous Sudan?". Cloudflare.
  12. Gold, Jon. "London internet attack highlights confusing hacktivism movement". CSO Online. Retrieved 14 February 2024.
  13. "Anonymous Sudan: Pro-Islamic Hacker Group Engages in Cryptocurrency Donation Campaign". ICT. 27 November 2023. Retrieved 14 February 2024.
  14. "Posing as Islamists, Russian Hackers Take Aim at Sweden". Bloomberg. 14 May 2023. Retrieved 14 February 2024.
  15. "Anonymous Sudan and Killnet Factor in the Russia-Ukraine War in the Context of Cyber Security". Future Human Image (19): 34–40. 2023. ISSN 2311-8822.
  16. Tidy, Joe (4 October 2023). "Rules of engagement issued to hacktivists after chaos". BBC News. Retrieved 15 October 2023.
  17. Lyons, Jessica (29 May 2024). "Multi-day DDoS storm batters Internet Archive". The Register. Archived from the original on 1 June 2024.
  18. Davis, Wes (10 October 2024). "The Internet Archive is under attack, with a breach revealing info for 31 million accounts". The Verge. Archived from the original on 10 October 2024. Retrieved 10 October 2024.
  19. "Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA". Radware. 24 July 2024. Archived from the original on 10 October 2024.
  20. Schräer, Frank. "Cyber attack on Internet Archive apparently carried out by Russian hackers". Heise Online. Retrieved 17 October 2024.
  21. "LockBit, Anonymous Sudan Attacks and More". GlobalSign. 29 November 2023. Retrieved 14 February 2024.
  22. "Anonymous Sudan's DDoS attacks against US targets". InCyber. 21 July 2023. Retrieved 14 February 2024.
  23. "Who is 'Anonymous Sudan'?". ABC listen. 19 June 2023. Retrieved 14 February 2024.
  24. SC Staff (13 November 2023). "Anonymous Sudan DDoS attack hits Cloudflare website". SC Media. Retrieved 14 February 2024.
  25. "AP cyberattack: Has Anonymous Sudan hit Associated Press?". 1 November 2023. Retrieved 14 February 2024.
  26. "Netflix impacted by Anonymous Sudan DDoS attack". Media. 2 October 2023.
  27. Power, Shannon (29 September 2023). "Netflix taken down by hackers over LGBTQ+ content". Newsweek. Retrieved 14 February 2024.
  28. "Anonymous Sudan claims successful DDoS cyberattack on PayPal". 17 July 2023. Retrieved 14 February 2024.
  29. SC Staff (1 June 2023). "Scandinavian Airlines receives $3M demand to cease Anonymous Sudan DDoS attacks". SC Media. Retrieved 14 February 2024.
  30. "Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink". BBC News. 31 August 2023. Retrieved 13 February 2024.
  31. Farmer, Ben (31 August 2023). "Hackers shut down Twitter putting Musk under pressure to extend Starlink internet service to Sudan". The Telegraph. ISSN 0307-1235. Retrieved 14 February 2024.
  32. "Anonymous Sudan Launches Cyberattack on Chad Telco". Dark Reading. Retrieved 14 February 2024.
  33. "Azure status history". Microsoft Azure. Retrieved 13 February 2024.
  34. "Sudan hackers target Kenyan govt websites". Radio Dabanga. 31 July 2023. Archived from the original on 30 July 2023. Retrieved 31 July 2023.
  35. "Kenya cyber-attack: Why is eCitizen down?". 28 July 2023. Retrieved 14 February 2024.
  36. "Anonymous Sudan hacks IGAD countries over alleged RSF support". Sudan Tribune. 6 February 2024. Retrieved 7 February 2024.
  37. Kwinika, Savious Parker (9 February 2024). "Anonymous Sudan attacks again, this time in Uganda". ITWeb Africa. Retrieved 14 February 2024.
  38. "Anonymous Sudan claims responsibility for cyber attacks on UAE entities". Digital Watch Observatory. 2 February 2024. Retrieved 14 February 2024.
  39. Hollingworth, David (11 July 2023). "Fanfic Writers Targeted by Anonymous Sudan in Apparent DDOS Attack on AO3". Cyber Security Connect. Retrieved 11 July 2023.
  40. Diaz, Ana (10 July 2023). "Archive of Our Own is down due to a DDoS attack". Polygon. Retrieved 11 July 2023.
  41. Weatherbed, Jess (11 July 2023). "The massive fanfic archive AO3 is back after a wave of DDoS attacks". The Verge. Retrieved 11 July 2023.
  42. "Attacks, arrests, threats, censorship: The high risks of reporting the Israel-Gaza war". Committee to Protect Journalists. Archived from the original on 13 November 2023. Retrieved 13 November 2023.
  43. "Anonymous Sudan Targets Israel's Critical Infrastructure". Westoahu Cybersecurity. Retrieved 14 February 2024.
  44. "How hackers piled onto the Israeli-Hamas conflict". POLITICO. 15 October 2023. Retrieved 14 February 2024.
  45. Jain, Samiksha (15 December 2023). "Anonymous Sudan Targets OpenAI Again, Demands Firing of Research Head". The Cyber Express. Archived from the original on 17 December 2023.
  46. Sharma, Aakash (19 December 2023). "'Will target ChatGPT until it stops dehumanizing Palestinians': Hackers on outage". India Today. Delhi. Archived from the original on 28 December 2023.
  47. Winder, Davey. "ChatGPT Down As Anonymous Sudan Hackers Claim Responsibility". Forbes. Retrieved 14 February 2024.
  48. Sabin, Sam. "Anonymous Sudan hacking group sets sights on ChatGPT". Axios. Retrieved 14 January 2024.
  49. Varanasi, Lakshmi (15 December 2023). "Hackers behind recent ChatGPT outage say they'll target the AI bot until it stops 'dehumanizing' Palestinians". Business Insider. Archived from the original on 17 December 2023.
  50. "Anonymous Sudan claims cyberattack on London Internet Exchange in response to UK's Yemen strikes". teiss. Retrieved 14 February 2024.
  51. Jack, Patrick (20 February 2024). "UK universities targeted by cyberattack". Times Higher Education. Retrieved 22 February 2024.
  52. "Sudanese brothers charged for 'Anonymous Sudan' attacks targeting critical infrastructure, government agencies and hospitals". The Record. Retrieved 17 October 2024.
  53. Baran, Guru (17 October 2024). "Anonymous Sudan Hackers Charged for Cyber Attacks on Critical Infrastructure". Cyber Security News. Retrieved 17 October 2024.
  54. "US charges 2 with running 'Anonymous Sudan' hacking group". Nextgov. 16 October 2024. Retrieved 17 October 2024.