Share to: share facebook share twitter share wa share telegram print page

Anonymous Sudan

Anonymous Sudan
FoundedJanuary 2023
TypeHacker group
PurposeConducting DDoS attacks, targeting perceived anti-Muslim activities
MethodsCyberattacks, DDoS attacks
Key people
  • Ahmed Salah Yusuuf Omer
  • Alaa Salah Yusuuf Omer

Anonymous Sudan is a criminal hacker group that has been active since mid-January 2023. They are alleged to have committed over 35,000 distributed denial-of-service (DDoS) attacks against entire small countries, government agencies, universities, newspapers, hospitals and LGBT sites. While they claim to be doing it for pro-Palestinian ideological reasons, they have attempted to extort money from victims.

In a US federal grand jury indictment unsealed in October 2024, two Sudanese brothers, Ahmed Omer and Alaa Omer, were arrested and charged in March 2024 with operating and controlling Anonymous Sudan. The US Department of Justice and FBI seized and disabled the group's DDoS tools and infrastructure at that time.[1][2][3][4] Contrary to its name, there are no known links to the hacker collective Anonymous.[5] Some analysts believe it may have originated in Russia.[5][6]

Origins and identity

Despite the name, the group surfaced as a Russian-speaking Telegram channel in mid-January.[7] Some experts,[8] including cybersecurity company CyberCX,[6] believe the group originates from or is supported by Russia.[5] The group is not linked to Anonymous.[5][9]

Key people

Ahmed and Alaa Salah Yusuuf Omer are accused of running Anonymous Sudan.[4] On 16 October 2024, a federal grand jury indicted both brothers in California for their alleged roles in operating the cybercriminal organization.[2][10] The charges include conspiracy to damage protected computers, with Ahmed facing additional counts for damaging computers.

Targets and motives

Anonymous Sudan claims to target countries and organizations engaging in purported "anti-Muslim activity".[11] The group claims to be anti-Zionist,[12] as well as pro-Islam;[13][14] however, they have also collaborated with pro-Russian attack groups like Killnet,[15] and their attacks seem to align with a pro-Russian agenda.[5] As a response to the International Committee of the Red Cross rules of engagement for civilian hackers, a representative of Anonymous Sudan said these rules were "not viable and that breaking them for the group's cause is unavoidable".[16]

According to the cybersecurity firm Radware, the hacker group SN_BLACKMETA, which claims responsibility for two attacks on the Internet Archive in 2024[17][18] and claims pro-Palestinian motives, may be linked to Anonymous Sudan due to similarities in their operations, target choices, and rhetoric. Radware researchers suggested that the letters "SN" could stand for "Sudan".[19] According to a German source, SN_BLACKMETA is a Russian hacker group from the region around the Russian city of Veliky Novgorod, southeast of Saint Petersburg, and claim to have no state sponsorship.[20]

Attacks

Anonymous Sudan has launched a variety of DDoS attacks against targets in Sweden, Denmark,[21] the US,[22] Australia,[23] and other countries.[11] Their victims include Cloudflare,[24] Associated Press,[25] Netflix,[26][27] and PayPal,[28] among others. Anonymous Sudan has successfully disrupted the website of Scandinavian Airlines (SAS),[29] and even took down Microsoft 365 software suite,[6] including Teams and Outlook.[11] They also took Twitter (now known as X) offline in more than a dozen countries to pressure Elon Musk to enable Starlink service for Sudan.[30][9][31] According to the Cyberint Research Team, the group launched 670 attacks in their first 6 months of activity.[32] On 8 June 2023, Anonymous Sudan claimed responsibility for a DDoS attack on Azure portal, which caused an outage of this and other Microsoft cloud services between ~15 UTC and ~17:30 UTC.[33]

During the ongoing civil war in Sudan between the Sudanese Armed Forces (SAF) and Rapid Support Forces (RSF), Anonymous Sudan launched cyberattacks on the Kenyan government and private websites in the last week of July 2023, in retaliation for the country's support of the RSF.[34][35] In January and February 2024, Anonymous Sudan claimed to have disabled all internet services in Chad and Djibouti, respectively, as part of a cyberattack to protest the country's relations with the RSF.[32][36] The group continued attacking Intergovernmental Authority on Development (IGAD) countries,[36] including Uganda in February, due to their backing of the RSF.[37] The group also attacked the United Arab Emirates, a major supporter of the RSF.[38]

On 10 July 2023, Anonymous Sudan attacked fanfiction site Archive of Our Own with a denial-of-service attack. Anonymous Sudan claimed responsibility in a Telegram post, saying the act was motivated by the website's United States registration and its inclusion of sexual and LGBT content.[39][40] The group then demanded $30,000 worth of Bitcoin within 24 hours to end the attack.[39][40] The site came back online the next day with Cloudflare protection added.[41]

During the Israel–Hamas war, media teams operating in the region have been exposed to various kinds of cyberattack. The Jerusalem Post website went down on 9 October 2023, with Anonymous Sudan claiming responsibility. The Palestinian Authority news agency Wafa also experienced a cyberattack on 18 October 2023, as did Al-Jazeera English on 31 October 2023 and Al-Mamlaka TV on 3 November 2023.[42] In November 2023, the group targeted Israel infrastructure.[43][44] In December 2023, Anonymous Sudan launched a DDoS attack on ChatGPT,[45][46][47] after Tal Broda, a member of OpenAI's leadership, made a social media post dehumanizing Palestinians, calling for more intense bombing in Gaza, and advocating ethnic cleansing.[48][49]

In January 2024, Anonymous Sudan failed to hack the London Internet Exchange in response to the UK's missile strikes in Yemen.[12][50] The group targeted systems at the University of Cambridge and the University of Manchester on 19 February 2024, citing the United Kingdom's support for Israel in the Israel–Hamas War, and targeting these specific universities "because they are the biggest ones" they could find. Disruption was largely over by 20 February though some systems were still affected.[51]

Anonymous Sudan forced the closure of the emergency department at Cedars-Sinai Medical Center in California for approximately eight hours, redirecting incoming patients to other medical facilities. The total damages incurred as a result of these attacks were estimated to exceed $10 million.[52]

In October 2024, a US federal grand jury in the Central District of California indictment was unsealed, which detailed the March 2024 indictment, arrest, and charging of two Sudanese nationals brothers, Ahmed Salah Yusuuf Omer, 22, and Alaa Salah Yusuuf Omer, 27, for their alleged involvement in operating and controlling the cybercriminal group Anonymous Sudan.[4] They are charged with one count of conspiracy to damage protected computers, with Ahmed facing three additional counts of damaging protected computers. The indictment claims that the group was responsible for tens of thousands of DDoS attacks against critical infrastructure, corporate networks, and government agencies both in the United States and around the world.[53]

In March 2024, the US Department of Justice and FBI seized and disabled Anonymous Sudan’s Distributed Cloud Attack Tool (DCAT), which had been utilized to conduct these cyberattacks. Over a one-year period, the tool was reportedly employed in more than 35,000 DDoS attacks, impacting high-profile targets, including the U.S. Department of Justice, Department of Defense, and Cedars-Sinai Medical Center in Los Angeles.[54]

If convicted, Ahmed faces a potential maximum sentence of life in federal prison, while Alaa could face up to five years.[52]

References

  1. ^ Krebs, Brian. "Sudanese brothers arrested in 'AnonSudan' takedown - Krebs on Security". KrebsOnSecurity. Retrieved 19 October 2024.
  2. ^ a b Sganga, Nicole (16 October 2024). "2 Sudanese brothers charged with running cyberattack-for-hire gang - CBS News". www.cbsnews.com. Retrieved 17 October 2024.
  3. ^ Menn, Joseph (16 October 2024). "U.S. charges Sudanese men with running powerful cyberattack-for-hire gang". Washington Post. ISSN 0190-8286. Retrieved 17 October 2024.
  4. ^ a b c "Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World". US Department of Justice. U.S. Attorney's Office, Central District of California. Retrieved 19 October 2024.
  5. ^ a b c d e Petkauskas, Vilius (23 June 2023). "Anonymous Sudan: neither anonymous nor Sudanese". CyberNews.
  6. ^ a b c Taylor, Josh (19 June 2023). "Hackers behind Microsoft outage most likely Russian-backed group aiming to 'drive division' in the west". The Guardian. ISSN 0261-3077. Retrieved 11 July 2023.
  7. ^ "Anonymous Sudan | NETSCOUT". www.netscout.com. Retrieved 14 February 2024.
  8. ^ "'Hactivists' who targeted Microsoft claim they're working for Sudan". Fortune Europe. Retrieved 14 February 2024.
  9. ^ a b Shah, Saqib (29 August 2023). "Hacker group behind Twitter outage mocks Elon Musk's rebrand". Evening Standard. Retrieved 14 February 2024.
  10. ^ Bestari, Novina Putri. "Internet Lumpuh Gara-gara Ulah Kakak Beradik, Nasibnya Tragis". CNBC Indonesia (in Indonesian). Retrieved 17 October 2024.
  11. ^ a b c "What is Anonymous Sudan?". Cloudflare.
  12. ^ a b Gold, Jon. "London internet attack highlights confusing hacktivism movement". CSO Online. Retrieved 14 February 2024.
  13. ^ "Anonymous Sudan: Pro-Islamic Hacker Group Engages in Cryptocurrency Donation Campaign". ICT. 27 November 2023. Retrieved 14 February 2024.
  14. ^ "Posing as Islamists, Russian Hackers Take Aim at Sweden". Bloomberg.com. 14 May 2023. Retrieved 14 February 2024.
  15. ^ "Anonymous Sudan and Killnet Factor in the Russia-Ukraine War in the Context of Cyber Security". Future Human Image (19): 34–40. 2023. ISSN 2311-8822.
  16. ^ Tidy, Joe (4 October 2023). "Rules of engagement issued to hacktivists after chaos". BBC News. Retrieved 15 October 2023.
  17. ^ Lyons, Jessica (29 May 2024), Multi-day DDoS storm batters Internet Archive, The Register, archived from the original on 1 June 2024
  18. ^ Davis, Wes (10 October 2024), The Internet Archive is under attack, with a breach revealing info for 31 million accounts, The Verge, archived from the original on 10 October 2024, retrieved 10 October 2024
  19. ^ Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA, Radware, 24 July 2024, archived from the original on 10 October 2024
  20. ^ Schräer, Frank. "Cyber attack on Internet Archive apparently carried out by Russian hackers". Heise Online. Retrieved 17 October 2024.
  21. ^ "LockBit, Anonymous Sudan Attacks and More". GlobalSign. 29 November 2023. Retrieved 14 February 2024.
  22. ^ "Anonymous Sudan's DDoS attacks against US targets". InCyber. 21 July 2023. Retrieved 14 February 2024.
  23. ^ "Who is 'Anonymous Sudan'?". ABC listen. 19 June 2023. Retrieved 14 February 2024.
  24. ^ Staff, S. C. (13 November 2023). "Anonymous Sudan DDoS attack hits Cloudflare website". SC Media. Retrieved 14 February 2024.
  25. ^ "AP cyberattack: Has Anonymous Sudan hit Associated Press?". 1 November 2023. Retrieved 14 February 2024.
  26. ^ "Netflix impacted by Anonymous Sudan DDoS attack". Media. 2 October 2023.
  27. ^ Power, Shannon (29 September 2023). "Netflix taken down by hackers over LGBTQ+ content". Newsweek. Retrieved 14 February 2024.
  28. ^ "Anonymous Sudan claims successful DDoS cyberattack on PayPal". 17 July 2023. Retrieved 14 February 2024.
  29. ^ Staff, S. C. (1 June 2023). "Scandinavian Airlines receives $3M demand to cease Anonymous Sudan DDoS attacks". SC Media. Retrieved 14 February 2024.
  30. ^ "Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink". BBC News. 31 August 2023. Retrieved 13 February 2024.
  31. ^ Farmer, Ben (31 August 2023). "Hackers shut down Twitter putting Musk under pressure to extend Starlink internet service to Sudan". The Telegraph. ISSN 0307-1235. Retrieved 14 February 2024.
  32. ^ a b "Anonymous Sudan Launches Cyberattack on Chad Telco". www.darkreading.com. Retrieved 14 February 2024.
  33. ^ "Azure status history | Microsoft Azure". azure.status.microsoft. Retrieved 13 February 2024.
  34. ^ "Sudan hackers target Kenyan govt websites". Radio Dabanga. 31 July 2023. Archived from the original on 30 July 2023. Retrieved 31 July 2023.
  35. ^ "Kenya cyber-attack: Why is eCitizen down?". 28 July 2023. Retrieved 14 February 2024.
  36. ^ a b "Anonymous Sudan hacks IGAD countries over alleged RSF support". Sudan Tribune. 6 February 2024. Retrieved 7 February 2024.
  37. ^ Kwinika, Savious Parker (9 February 2024). "Anonymous Sudan attacks again, this time in Uganda". ITWeb Africa. Retrieved 14 February 2024.
  38. ^ "Anonymous Sudan claims responsibility for cyber attacks on UAE entities | Digital Watch Observatory". 2 February 2024. Retrieved 14 February 2024.
  39. ^ a b Hollingworth, David (11 July 2023). "Fanfic Writers Targeted by Anonymous Sudan in Apparent DDOS Attack on AO3". Cyber Security Connect. Retrieved 11 July 2023.
  40. ^ a b Diaz, Ana (10 July 2023). "Archive of Our Own is down due to a DDoS attack". Polygon. Retrieved 11 July 2023.
  41. ^ Weatherbed, Jess (11 July 2023). "The massive fanfic archive AO3 is back after a wave of DDoS attacks". The Verge. Retrieved 11 July 2023.
  42. ^ "Attacks, arrests, threats, censorship: The high risks of reporting the Israel-Gaza war". Committee to Protect Journalists. Archived from the original on 13 November 2023. Retrieved 13 November 2023.
  43. ^ "Anonymous Sudan Targets Israel's Critical Infrastructure – Westoahu Cybersecurity". Retrieved 14 February 2024.
  44. ^ "How hackers piled onto the Israeli-Hamas conflict". POLITICO. 15 October 2023. Retrieved 14 February 2024.
  45. ^ Jain, Samiksha (15 December 2023). "Anonymous Sudan Targets OpenAI Again, Demands Firing of Research Head". The Cyber Express. Archived from the original on 17 December 2023.
  46. ^ Sharma, Aakash (19 December 2023). "'Will target ChatGPT until it stops dehumanizing Palestinians': Hackers on outage". India Today. Delhi. Archived from the original on 28 December 2023.
  47. ^ Winder, Davey. "ChatGPT Down As Anonymous Sudan Hackers Claim Responsibility". Forbes. Retrieved 14 February 2024.
  48. ^ Sabin, Sam. "Anonymous Sudan hacking group sets sights on ChatGPT". Axios. Retrieved 14 January 2024.
  49. ^ Varanasi, Lakshmi (15 December 2023). "Hackers behind recent ChatGPT outage say they'll target the AI bot until it stops 'dehumanizing' Palestinians". Business Insider. Archived from the original on 17 December 2023.
  50. ^ "Anonymous Sudan claims cyberattack on London Internet Exchange in response to UK's Yemen strikes". teiss. Retrieved 14 February 2024.
  51. ^ Jack, Patrick (20 February 2024). "UK universities targeted by cyberattack". Times Higher Education. Retrieved 22 February 2024.
  52. ^ a b "Sudanese brothers charged for 'Anonymous Sudan' attacks targeting critical infrastructure, government agencies and hospitals". therecord.media. Retrieved 17 October 2024.
  53. ^ Baran, Guru (17 October 2024). "Anonymous Sudan Hackers Charged for Cyber Attacks on Critical Infrastructure". Cyber Security News. Retrieved 17 October 2024.
  54. ^ "US charges 2 with running 'Anonymous Sudan' hacking group". Nextgov.com. 16 October 2024. Retrieved 17 October 2024.
Kembali kehalaman sebelumnya