Cybersecurity firm doubts Anonymous Sudan is the genuine hacktivist group it was initially believed to be
According to experts, the hackers responsible for the recent attack on Microsoft’s services are more likely to be a Russian-affiliated group than the grassroots pro-Islam collective from Sudan they were initially thought to be.
Additionally, Anonymous Sudan, which emerged in January 2023, has reportedly taken credit for at least 24 distributed denial-of-service attacks targeting various Australian companies, including those in the healthcare, aviation, and education sectors.
Last week, Microsoft confirmed that the outages experienced by its Outlook service in early June were caused by a DoS attack attributed to Anonymous Sudan, which had claimed responsibility.
Presenting themselves as a loosely organized collective of hacktivists supposedly based in Sudan, the group expressed their grievances by targeting Australian organizations in March. Their protest was in response to clothing displayed at the Melbourne fashion festival, which featured Arabic text saying “God walks with me.”
In its recent report, cybersecurity firm CyberCX revealed that the group under scrutiny is unlikely to be an authentic hacktivist organization. Instead, the analysis of their activities suggests a probable connection to the Russian state.
CyberCX further noted that most hacktivist groups typically plan their operations in a partially public manner online. However, Anonymous Sudan deviated from this pattern by only disclosing targets during active attacks, indicating a tightly controlled operation.
The firm also pointed out that the group’s use of paid infrastructure in their attacks, involving massive traffic redirection to overwhelm a targeted service, would have incurred significant costs, making it less likely that a loosely organized collective is behind them.
Additionally, CyberCX highlighted that Anonymous Sudan publicly associates itself with pro-Russian threat actors and is recognized as a member of the pro-Russia hacker group known as Killnet.
According to Alastair MacGibbon, the chief strategy officer at CyberCX, Anonymous Sudan’s choice of relatively low-level targets and its portrayal as an Islamic group suggest that it is likely an organization backed by Russia. Their intention could be to sow discord in society and disrupt Western countries.
MacGibbon stated that this behavior aligns with the Russian government’s inclination to foster divisions within societies. He further emphasized that the group’s motives are not driven by genuine concerns such as anti-racism or pro-environmentalism. Instead, their focus is solely on exploiting any issue that can be used to harm their targets, in this case, the Western nations.
He characterized the attacks on Optus and Medibank last year as “less monetizable forms of attack.” Instead of employing ransomware attacks to lock up systems, the groups opted to threaten the publication of the compromised data online.
He highlighted the need for a connection to other forms of monetization, potentially involving a state actor or some form of state-directed guidance that aims to instill fear, uncertainty, and doubt.