Anonymous Sudan’s Post Arrest Cyber Chaos [A Threat Note Guide]

This blog is a summary of our latest threat note, “Anonymous Sudan – The Aftermath”, which is available for all our clients to read in the CybelAngel portal. Interested in reading this report but you are not a client? Get in touch with us to access this content.

In mid-October this year, the U.S. Justice Department unsealed an indictment concerning two Sudanese nationals, Ahmed Salah Yousif Omer, 22 years old, and his brother Alaa Salah Yusuuf Omer, 27, accused of heading the “Anonymous Sudan” hacking group. The group is infamous for carrying out tens of thousands of distributed denial-of-service (DDoS) attacks that target critical infrastructure, corporate networks, hospitals, and government agencies in the United States and beyond.

These hackers are best known for their part in the June 2023 DDoS attack on Microsoft. The tech giant described the attack at the time: “This recent DDoS activity targeted layer 7 rather than layer 3 or 4.” This attack established the reputation of the group, which was able to disrupt multiple Microsoft services, including Outlook, Teams, SharePoint Online, OneDrive for Business, and the Azure cloud.

These hackers are believed to be a sub-group of the pro-Russian hacktivist group Killnet, which is known for its pro-Russian stance and for cyber activities that align with Russia’s geopolitical interests.

Notice of the unsealed FBI indictment on October 17th, 2024 in Los Angeles. These law enforcement actions were taken as part of Operation PowerOFF.

A review of Anonymous Sudan’s high-profile attacks

One thing that is clear is the prolific global cyberattack resume of this group. CybelAngel’s REACT team has fully analyzed the group’s tactics, techniques, and procedures in our full threat note.

Here is a recap of this incident timeline:

  • February 2023: Scandinavian Airlines experienced a cyberattack inflicted by Anonymous Sudan, leading to system malfunctions and a passenger data breach.
  • April 2023: On Israeli Independence Day, the group reportedly orchestrated DDoS attacks on the website of Israeli Prime Minister Benjamin Netanyahu, rendering it inaccessible. They allegedly compromised his Facebook account too. The assault extended to several Israeli institutions including the Haifa Port, Israel Ports Development, the National Insurance Institute, and Mossad, the national intelligence service.
  • May 2023: Anonymous Sudan shifted its focus to the UAE. It targeted various governmental organizations, including airports, the Dubai police force, ministries, and media outlets.
  • June 2023: Adopting the pseudonym Storm-1359, the group executed DDoS attacks on Microsoft.
  • November 2023: Anonymous Sudan, alongside SiegedSec, asserted their role in the network intrusion of Cellcom Israel Ltd., an Israel-based telecom provider.
  • January 2024: The group claimed an attack on the London Internet Exchange (LINX), a move seen as retaliation against British support for Israel.
  • February 2024: A series of DDoS attacks attributed to Anonymous Sudan targeted prominent UK universities. These included the University of Cambridge and the University of Manchester.
  • March 2024: In France, government ministries became the target of DDoS attacks, an operation claimed by Anonymous Sudan. 177,000 IP addresses and over 300 web domains were affected.

Total DDoS disruption

The group typically disrupts services by overwhelming systems with traffic, leading to network outages and operational disruptions. The cost of these disruptions is estimated at around $10 million.

In March 2024, a major breakthrough was achieved by U.S. authorities in the Central District of California. They dismantled the group’s powerful DDoS tools, significantly hampering their ability to conduct further attacks.

But perhaps one of the most serious consequences of these indictments is still ongoing.

Following the charges against individuals associated with the Anonymous Sudan group, the hacktivist community—particularly on Telegram channels—shared messages expressing resilience rather than fear.

A screenshot from the Bangladeshi group Sylhet Gang expressing their anger and future targeting.

Anonymous Sudan DDoS attacks intensify after kingpin arrests

Despite the involvement of the Department of Justice in these arrests and investigation of similar cyber activities, the mood is resilient. Hacktivist groups have coalesced around Anonymous Sudan. They perceived the DOJ’s legal actions not as a setback but as a chance to advance their cause. Far from showing signs of withdrawal or worry about the potential repercussions of law enforcement’s intervention, these collectives we

They harnessed this social media platform to coordinate and fortify their operations. They’ve delivered a message of unequivocal pushback. The detainment of the Sudanese brothers would in no way impede their own cybercriminal endeavors.

As we detail further in our threat note analysis, some groups have responded by hardening their position and launching more distributed denial-of-service (DDoS) attacks against U.S. institutions and corporations.

Find out why online cyber solidarity on Telegram spells trouble

CybelAngel will continuously monitor emerging threat actor groups and affiliates to provide actionable intelligence on the evolution of the cyber landscape.

Interested in the full outline of this CybelAngel threat note?

Here are the focus areas:

  • Complete intel on the Anonymous Sudan group: Their history, leaders and details on their preferred tactics, techniques, and procedures
  • Threat intelligence: What are the ‘cyber solidarity’ consequences post indictment?
  • Threat analysis: An explainer on the cyber hacktivism versus cyber mercenary debate

As a client, you’ll enjoy full access to the report in your CybelAngel portal. If you are not a client and wish to read it, please contact us.

Dive into the full Anonymous Sudan analysis in our new threat note

Our REACT team fully examines the wide-ranging consequences, especially those pertaining to distributed denial-of-service attack trends, in our full threat note. It is an excellent resource for affected IT leaders around the world.
