Anonymous Sudan

Last updated

Anonymous Sudan is a hacker group that has been active since mid-January 2023 and believed to have originated from Russia with no links to Sudan or Anonymous. [1] [2] They have launched a variety of distributed denial-of-service (DDoS) attacks against targets.

Contents

Origins and identity

Despite the name, there is no proven link between Anonymous Sudan and the country of Sudan. [3] [1] [2] The group surfaced as a Russian-speaking Telegram channel in mid-January. [4] Some experts, [5] including cybersecurity company CyberCX, [2] believe the group originates from or is supported by Russia. [1] The group is also not linked to Anonymous. [1] [6]

Targets and motives

Anonymous Sudan claims to target countries and organizations engaging in self-described "anti-Muslim activity". [3] The group claims to be anti-Zionist [7] and pro-Islam. [8] [9] However, they have also collaborated with pro-Russian attack groups like Killnet, [10] and their attacks seem to align with a pro-Russian agenda. [1]

As a response to the International Committee of the Red Cross rules of engagement for civilian hackers, a representative of Anonymous Sudan said these rules were "not viable and that breaking them for the group's cause is unavoidable". [11]

Attacks

Anonymous Sudan has launched a variety of distributed denial-of-service (DDoS) attacks against targets in Sweden, Denmark, [12] the US, [13] Australia, [14] and other countries. [3] Their victims include Cloudflare, [15] Associated Press, [16] Netflix, [17] [18] and PayPal, [19] among others. Anonymous Sudan has successfully disrupted the website of Scandinavian Airlines (SAS) [20] and even took down Microsoft 365 software suite, [21] including Teams and Outlook. [3] They also took Twitter (now known as X) offline in more than a dozen countries to pressure Elon Musk to enable Starlink service for Sudan. [22] [6] [23] According to the Cyberint Research Team, the group launched 670 attacks in their first 6 months of activity. [24]

On 8 June 2023, Anonymous Sudan claimed responsibility for a DDoS attack on Azure portal which caused an outage of this and other Microsoft cloud services between ~15 UTC and ~17:30 UTC. [25]

During the War in Sudan between the Sudanese Armed Forces (SAF) and Rapid Support Forces (RSF), Anonymous Sudan launched cyberattacks on the Kenyan government and private websites in the last week of July 2023, in retaliation for the country's support of the RSF. [26] [27] In January and February 2024, Anonymous Sudan claimed to have disabled all internet services in Chad [28] and Djibouti, respectively, as part of a cyberattack to protest the country's relations with the RSF. [29] The group continued attacking Intergovernmental Authority on Development (IGAD) countries [30] (including Uganda in February) due to their backing of the RSF. [31] The group also attacked the United Arab Emirates, a major supporter of the RSF. [32]

On 10 July 2023, Anonymous Sudan attacked fanfiction site Archive of Our Own with a denial-of-service attack. Anonymous Sudan claimed responsibility in a Telegram post, saying the act was motivated by the website's United States registration and its inclusion of sexual and LGBT content. [33] [34] The group then demanded $30,000 worth of Bitcoin within 24 hours to end the attack. [33] [34] The site came back online the next day with Cloudflare protection added. [35]

During the Israel–Hamas war, media teams operating in the region have been exposed to various kinds of cyberattack. The Jerusalem Post website went down on 9 October 2023, with Anonymous Sudan claiming responsibility. The Palestinian Authority news agency Wafa also experienced a cyberattack on 18 October 2023, as did Al-Jazeera English on 31 October 2023 and Al-Mamlaka TV on 3 November 2023. [36] In November 2023, the group targeted Israel infrastructure. [37] [38]

In December 2023, Anonymous Sudan launched a DDoS attack on ChatGPT [39] [40] [41] after Tal Broda, a member of OpenAI's leadership, made a social media post dehumanizing Palestinians, calling for more intense bombing in Gaza, and advocating ethnic cleansing. [42] [43]

In January 2024, Anonymous Sudan failed to hack the London Internet Exchange in response to the UK's missile strikes in Yemen. [7] [44]

The group targeted systems at the University of Cambridge and the University of Manchester on 19 February 2024, citing the United Kingdom's support for Israel in the Israel–Hamas War, and targeting these specific universities "because they are the biggest ones" they could find. Disruption was largely over by 20 February though some systems were still affected. [45]

Related Research Articles

<span class="mw-page-title-main">Denial-of-service attack</span> Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

<span class="mw-page-title-main">Anonymous (hacker group)</span> Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

<span class="mw-page-title-main">Cyberattacks during the Russo-Georgian War</span> Series of cyber attacks during Russo-Georgian war in 2008

During the Russo-Georgian War, a series of cyberattacks swamped and disabled websites of numerous South Ossetian, Georgian, Russian and Azerbaijani organisations. The attacks were initiated three weeks before the shooting war began.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat (APT) groups, against other countries.

<span class="mw-page-title-main">Cloudflare</span> American technology company

Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration services. Cloudflare's headquarters are in San Francisco, California. According to The Hill, Cloudflare is used by more than 20 percent of the Internet for its web security services, as of 2022.

Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack.

Lizard Squad Hacker group

Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

<span class="mw-page-title-main">DDoS attacks on Dyn</span> 2016 cyberattack in Europe and North America

On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.

<span class="mw-page-title-main">Russo-Ukrainian cyberwarfare</span> Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare is a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a Mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

<span class="mw-page-title-main">2022 Ukraine cyberattacks</span> Attack on Ukrainian government and websites

During the prelude to the 2022 Russian invasion of Ukraine and the 2022 Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.

Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the 2022 Russian invasion of Ukraine began.

Killnet is a pro-Russia hacker group known for its DoS and DDoS attacks towards government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.

NoName057(16) is a pro-Russian hacker group that first declared itself in March 2022 and claimed responsibility for cyber-attacks on Ukrainian, American and European government agencies, media, and private companies. It is regarded as an unorganized and free pro-Russian activist group seeking to attract attention in Western countries.

References

  1. 1 2 3 4 5 Petkauskas, Vilius (2023-06-23). "Anonymous Sudan: neither anonymous nor Sudanese". CyberNews.
  2. 1 2 3 Taylor, Josh (19 June 2023). "Hackers behind Microsoft outage most likely Russian-backed group aiming to 'drive division' in the west". The Guardian. ISSN   0261-3077 . Retrieved 11 July 2023.
  3. 1 2 3 4 "What is Anonymous Sudan?". Cloudflare.
  4. "Anonymous Sudan | NETSCOUT". www.netscout.com. Retrieved 2024-02-14.
  5. "'Hactivists' who targeted Microsoft claim they're working for Sudan". Fortune Europe. Retrieved 2024-02-14.
  6. 1 2 Shah, Saqib (2023-08-29). "Hacker group behind Twitter outage mocks Elon Musk's rebrand". Evening Standard. Retrieved 2024-02-14.
  7. 1 2 "London internet attack highlights confusing hacktivism movement". CSO Online. Retrieved 2024-02-14.
  8. Desk, Cyber (2023-11-27). "Anonymous Sudan: Pro-Islamic Hacker Group Engages in Cryptocurrency Donation Campaign". ICT. Retrieved 2024-02-14.
  9. "Posing as Islamists, Russian Hackers Take Aim at Sweden". Bloomberg.com. 2023-05-14. Retrieved 2024-02-14.
  10. "Anonymous Sudan and Killnet Factor in the Russia-Ukraine War in the Context of Cyber Security". Future Human Image (19): 34–40. 2023. ISSN   2311-8822.
  11. Tidy, Joe (2023-10-04). "Rules of engagement issued to hacktivists after chaos". BBC News . Retrieved 2023-10-15.
  12. "LockBit, Anonymous Sudan Attacks and More". GlobalSign. 2023-11-29. Retrieved 2024-02-14.
  13. "Anonymous Sudan's DDoS attacks against US targets". InCyber. 2023-07-21. Retrieved 2024-02-14.
  14. "Who is 'Anonymous Sudan'?". ABC listen. 2023-06-19. Retrieved 2024-02-14.
  15. Staff, S. C. (2023-11-13). "Anonymous Sudan DDoS attack hits Cloudflare website". SC Media. Retrieved 2024-02-14.
  16. "AP cyberattack: Has Anonymous Sudan hit Associated Press?". 2023-11-01. Retrieved 2024-02-14.
  17. "Netflix impacted by Anonymous Sudan DDoS attack". Media. 2023-10-02.
  18. Culture, Shannon Power Pop; Reporter, Entertainment (2023-09-29). "Netflix taken down by hackers over LGBTQ+ content". Newsweek. Retrieved 2024-02-14.
  19. "Anonymous Sudan claims successful DDoS cyberattack on PayPal". 2023-07-17. Retrieved 2024-02-14.
  20. Staff, S. C. (2023-06-01). "Scandinavian Airlines receives $3M demand to cease Anonymous Sudan DDoS attacks". SC Media. Retrieved 2024-02-14.
  21. Taylor, Josh (2023-06-19). "Hackers behind Microsoft outage most likely Russian-backed group aiming to 'drive division' in the west". The Guardian. ISSN   0261-3077 . Retrieved 2024-02-14.
  22. "Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink". BBC News. 2023-08-31. Retrieved 2024-02-13.
  23. Farmer, Ben (2023-08-31). "Hackers shut down Twitter putting Musk under pressure to extend Starlink internet service to Sudan". The Telegraph. ISSN   0307-1235 . Retrieved 2024-02-14.
  24. "Anonymous Sudan Launches Cyberattack on Chad Telco". www.darkreading.com. Retrieved 2024-02-14.
  25. "Azure status history | Microsoft Azure". azure.status.microsoft. Retrieved 2024-02-13.
  26. "Sudan hackers target Kenyan govt websites". Radio Dabanga. 31 July 2023. Archived from the original on 30 July 2023. Retrieved 31 July 2023.
  27. "Kenya cyber-attack: Why is eCitizen down?". 2023-07-28. Retrieved 2024-02-14.
  28. "Anonymous Sudan Launches Cyberattack on Chad Telco". www.darkreading.com. Retrieved 2024-02-14.
  29. "Anonymous Sudan hacks IGAD countries over alleged RSF support". Sudan Tribune. 6 February 2024. Retrieved 7 February 2024.
  30. SudanTribune (2024-02-07). "Anonymous Sudan hacks IGAD countries over alleged RSF support". Sudan Tribune. Retrieved 2024-02-14.
  31. Kwinika, Savious Parker (2024-02-09). "Anonymous Sudan attacks again, this time in Uganda". ITWeb Africa. Retrieved 2024-02-14.
  32. "Anonymous Sudan claims responsibility for cyber attacks on UAE entities | Digital Watch Observatory". 2024-02-02. Retrieved 2024-02-14.
  33. 1 2 Hollingworth, David (11 July 2023). "Fanfic Writers Targeted by Anonymous Sudan in Apparent DDOS Attack on AO3". Cyber Security Connect. Retrieved 11 July 2023.
  34. 1 2 Diaz, Ana (10 July 2023). "Archive of Our Own is down due to a DDoS attack". Polygon. Retrieved 11 July 2023.
  35. Weatherbed, Jess (11 July 2023). "The massive fanfic archive AO3 is back after a wave of DDoS attacks". The Verge. Retrieved 11 July 2023.
  36. "Attacks, arrests, threats, censorship: The high risks of reporting the Israel-Gaza war". Committee to Protect Journalists. Archived from the original on 2023-11-13. Retrieved 2023-11-13.
  37. "Anonymous Sudan Targets Israel's Critical Infrastructure – Westoahu Cybersecurity" . Retrieved 2024-02-14.
  38. "How hackers piled onto the Israeli-Hamas conflict". POLITICO. 2023-10-15. Retrieved 2024-02-14.
  39. Jain, Samiksha (15 Dec 2023). "Anonymous Sudan Targets OpenAI Again, Demands Firing of Research Head". The Cyber Express. Archived from the original on 17 December 2023.
  40. Sharma, Aakash (19 Dec 2023). "'Will target ChatGPT until it stops dehumanizing Palestinians': Hackers on outage". India Today . Delhi. Archived from the original on 28 December 2023.
  41. Winder, Davey. "ChatGPT Down As Anonymous Sudan Hackers Claim Responsibility". Forbes. Retrieved 2024-02-14.
  42. Sabin, Sam. "Anonymous Sudan hacking group sets sights on ChatGPT". Axios. Retrieved 14 January 2024.
  43. Varanasi, Lakshmi (15 Dec 2023). "Hackers behind recent ChatGPT outage say they'll target the AI bot until it stops 'dehumanizing' Palestinians". Business Insider . Archived from the original on 17 December 2023.
  44. "Anonymous Sudan claims cyberattack on London Internet Exchange in response to UK's Yemen strikes". teiss. Retrieved 2024-02-14.
  45. Jack, Patrick (2024-02-20). "UK universities targeted by cyberattack". Times Higher Education . Retrieved 2024-02-22.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.