Anonymous Sudan


Anonymous Sudan is a group of religiously and politically motivated hacktivists from Sudan who have been conducting denial-of-service attacks against several Western countries since January 2023.

The group has targeted Swedish and Danish organizations and critical infrastructure under the tags #OpSweden and #OpDenmark. Their actions were in response to a far-right activist, Rasmus Paludan, who holds both Danish and Swedish citizenship. Paludan burned a copy of the Quran in Sweden on January 21, 2023, and vowed to continue burning the Muslim holy book in Denmark until Sweden is admitted into NATO.

Because of common objectives during the Sweden attacks, Killnet announced the addition of Anonymous Sudan as an official member in its cluster of hacktivists targeting Western nations and countries opposing Russia. Anonymous Sudan has since leveraged the reputation and influence of Killnet to grow its members and become one of the more notable hacktivist groups of 2023.

During a separate multi-day campaign in March 2023, the group targeted medical facilities, universities and airports in France. The motivation for this attack was a cartoon depiction of the prophet Muhammad, allegedly referencing the controversial Charlie Hebdo caricatures. During the same period, the group also leaked information from several airlines and payment providers, claiming they hacked the organizations and posted sensitive data for sale.

Hacktivist attacks from Anonymous Sudan continued to spread throughout the world:

  • By April 2, 2023, the pro-Islamic groups moved their crosshairs to Israel to support pro-Palestinian hacktivists in #OpIsrael and #OpsPetir.
  • After France, the group moved to Australia to join the pro-Muslim hacktivists Mysterious Team and Team Insane PK in their campaign against Australia under the #OpAustralia campaign.
  • Later in April 2023, the group declared India as a target to sympathize with Indian Muslims under their misperceived Islamic cause.
  • By early May 2023, the group started running campaigns against the United States to protest potential interference in the Sudanese conflict.
  • In June 2023, Anonymous Sudan started extorting victims for millions through Telegram messages, while claiming to keep them offline with distributed denial-of-service (DDoS) attacks. Microsoft, one of the extortion victims, confirmed hackers were responsible for disruptions affecting Outlook, Teams, SharePoint Online, OneDrive for Business and its Azure cloud computing platform. It said the attackers were focused on "disruption and publicity" and likely used rented cloud infrastructure and open proxy infrastructures to target Microsoft servers with a high load of Layer 7 Web DDoS attacks leveraging cache bypass and slowloris.

Guidance on Anonymous Sudan attacks

Anonymous Sudan attacks are characterized as Web DDoS attacks combined with alternating waves of UDP and SYN floods. Attacks originate from tens of thousands of unique source IP addresses, with UDP traffic reaching up to 600 Gbps and HTTPS request floods reaching up to several million requests per second (RPS).

The group leverages public cloud server infrastructure to generate traffic and attack floods while leveraging free and open proxy infrastructures to hide and randomize the source of the attacks.
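
For defenders reviewing CDN or reverse-proxy logs, the Python below is an added example (not Radware's code or tooling) of one way to spot the cache-bypass pattern named in Microsoft's statement above: many sources requesting one path with a different query string each time, nearly all missing the cache. The record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def find_cache_bypass(records, window=10, min_requests=100,
                      min_unique_ratio=0.9, min_miss_ratio=0.9, min_sources=50):
    """Return (window_start, path) pairs whose traffic looks like a cache-bypass flood.

    records: iterable of (epoch_seconds, source_ip, request_target, cache_status).
    Thresholds are illustrative assumptions; tune them against your own baseline.
    """
    stats = defaultdict(lambda: {"n": 0, "queries": set(), "ips": set(), "miss": 0})
    for ts, ip, target, cache_status in records:
        parts = urlsplit(target)
        s = stats[(ts - ts % window, parts.path)]  # bucket by time window and path
        s["n"] += 1
        s["queries"].add(parts.query)
        s["ips"].add(ip)
        s["miss"] += cache_status == "MISS"
    flagged = []
    for key, s in sorted(stats.items()):
        if (s["n"] >= min_requests
                and len(s["queries"]) / s["n"] >= min_unique_ratio  # nearly every query unique
                and s["miss"] / s["n"] >= min_miss_ratio            # cache is not absorbing load
                and len(s["ips"]) >= min_sources):                  # widely distributed sources
            flagged.append(key)
    return flagged

def build_sample():
    """Constructed records: normal browsing plus a flood with unique query strings."""
    records = []
    for i in range(120):  # normal: few clients, one repeated URL, mostly cache hits
        records.append((1000 + i % 10, f"198.51.100.{i % 5}", "/index.html?v=3",
                        "MISS" if i == 0 else "HIT"))
    for i in range(300):  # flood: many sources, every query string different
        records.append((1000 + i % 10, f"203.0.113.{i % 200}",
                        f"/search?q={i:08x}", "MISS"))
    return records

if __name__ == "__main__":
    for window_start, path in find_cache_bypass(build_sample()):
        print(f"possible cache-bypass flood: window={window_start} path={path}")
```

Paths flagged this way are candidates for query-string normalization in the cache key or for per-path rate limiting at the edge.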

Telegram: hxxps://t.me/AnonymousSudan

See also:

Hacktivism Unveiled, India Insights into the footprints of hacktivists (radware.com)

Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists (radware.com)

#OpAustralia/ #opsjentik (radware.com)
