Since its inception on January 18, 2023, Anonymous Sudan, a self-identified cyber-activist group, has rapidly gained notoriety for its aggressive campaigns against selected nations and entities. The group’s actions and motivations present a significant case study in the evolution of cyber warfare tactics.
Anonymous Sudan Timeline view
The Birth of the Anonymous Sudan Telegram Channel
Born out of opposition to perceived international hostilities towards Sudan, the Anonymous Sudan Telegram channel issued a clear and straightforward initial statement: “We will attack any country with cyber attacks against those who oppose Sudan.”
The Swedish Offensive
Only five days after their creation, on January 23, 2023, Anonymous Sudan targeted a variety of Swedish sites, ostensibly as a reaction to incidents involving the desecration of the holy Qur’an in the country. The affected websites represented a diverse range of sectors, from governmental institutions and military to education, banking, and even airports.
Among those targeted were the Swedish Armed Forces, Sweden‘s central bank, and the official website of the Swedish Police. This broad and intense offensive on Swedish cyberspace underscored the group’s capabilities and set a precedent for its future actions.
Takedown of Pegida Websites
In a separate operation, Anonymous Sudan targeted and successfully took down the websites of the Pegida movement, a German nationalist, anti-Islam, far-right political organization. The targeted sites included Pegida’s official websites in the Netherlands and Germany.
The Netherlands Targeted
The Netherlands didn’t escape the group’s attention, either. On January 24, 2023, Anonymous Sudan set its sights on several Dutch websites. This campaign targeted the official websites of the Dutch Police, the Government of the Netherlands, and various other government departments. Even the website of the municipality of The Hague was affected in this attack.
German Airports Under Attack
The following day, on January 25, the group moved its focus to German airports. Frankfurt-Hahn Airport and Stuttgart Airport’s official websites were among the notable targets.
The Dutch Airport Offensive
On January 27, 2023, the group’s focus was back on Dutch soil, but this time the targets were the country’s airports. Major airports, including Rotterdam The Hague Airport, Maastricht Aachen Airport, Amsterdam Airport Schiphol, and Eindhoven Airport, were all victims of the group’s concerted cyber-attack.
Dutch Medical Infrastructure Targeted
On January 28, 2023, Anonymous Sudan launched a cyber-attack on the Dutch healthcare sector. The attack marked a departure from the group’s previous campaigns, targeting instead essential services that directly impact people’s health and wellbeing.
The cyber-attacks were directed towards several key medical institutions in the Netherlands. Some of the targeted institutions included notable university medical centers such as the UMC Utrecht, Leiden University Medical Center (LUMC), Radboud University Medical Center, and Maastricht University Medical Center (MUMC).
But university medical centers weren’t the only entities targeted. Other hospitals like Erasmus Medical Center, Catharina Hospital, Jeroen Bosch Hospital, Máxima Medical Center, Medisch Spectrum Twente, and Reinier de Graaf Hospital also found themselves under attack.
The targeting of healthcare infrastructure represents a dangerous escalation in Anonymous Sudan’s activities. While cyber-attacks on government or financial institutions can cause significant disruption, attacks on healthcare facilities could potentially have life-threatening consequences.
Anonymous Sudan Attacks Denmark’s Government Websites
On January 29th, 2023, Anonymous Sudan continued their wave of cyber-attacks by targeting governmental websites in Denmark. The group stated the motive behind these attacks was Denmark’s alleged burning of the holy Qur’an.
The attack encompassed a broad spectrum of Danish government websites, including the police, health authority, foreign affairs ministry, central bank, and armed forces. Each of these attacks was confirmed by a report on Check Host, a service that monitors the status and health of websites.
Anonymous Sudan Launches a Cyber Onslaught on U.S. Healthcare and Border Protection
On February 2, 2023, Anonymous Sudan broadened its target landscape to include U.S. healthcare institutions and the Department of Homeland Security’s Customs and Border Protection (CBP) portal. This follows a pattern of the group’s ongoing cyber warfare, which has previously impacted various countries worldwide.
The series of attacks on February 2nd targeted a mix of medical institutions and organizations across the United States. The affected organizations ranged from general health services, such as Lovelace and the University of Colorado Health, to more specialized healthcare institutions like Hudson Regional Hospital and the Jackson Health System’s transplant department.
In a unique twist, Anonymous Sudan also targeted the web Automated Manifest System (AMS) of the U.S. CBP. This service is essential for managing and tracking cargo shipments, and any disruption to its operations could significantly impact U.S. border activities.
Anonymous Sudan Collaborates with Other Hacker Groups to Target Microsoft
On February 3, 2023, Anonymous Sudan ramped up its cyber offensive, reportedly in cooperation with other hacker groups, to target Microsoft’s official website. The group expressed solidarity with Russian hackers, thanking them for their previous support of Sudan.
A reported outage of Microsoft’s primary web presence was confirmed by a Check Host report. This attack marks a significant escalation of Anonymous Sudan’s activities, as Microsoft represents a primary cornerstone of the global technology infrastructure.
This recent attack signifies a shift in the landscape of cyber warfare, highlighting the emergence of cross-national hacker alliances. Alongside Anonymous Sudan, the ‘Infinity Hackers Group,’ ‘KILLNET,’ and ‘ANONYMOUS RUSSIA’ are mentioned.
Anonymous Sudan Continues to Ramp Up Cyber Attacks
Anonymous Sudan and its associated hacker alliances have reportedly continued their aggressive campaign of cyber attacks, targeting numerous prominent websites, including Yahoo, UPS, Uscellular, AT&T, NASA, and even cybersecurity provider Radware. The continued campaign signifies an escalation in the severity of these cyber threats.
Between February 4 and February 7, 2023, the hackers successfully took down websites belonging to tech giant Yahoo, logistics company UPS, telecom operators Uscellular and AT&T, and space agency NASA. Radware, a cybersecurity company offering DDoS protection services, was also targeted, underlining the audacity of these hackers.
On February 8th, 2023, the hacking collective continued their campaign by successfully taking down several Swedish airports’ websites, adding another critical industry – air travel – to their list of targets.
Swedish Healthcare Sector Hit by Cyber Attacks
On February 10, 2023, a multitude of Swedish hospitals and healthcare providers fell victim to significant cyber attacks. The hackers, claiming to represent Anonymous Sudan, targeted the health sector to retaliate for the alleged burning of the holy Quran in Sweden.
Key health sector websites affected by the cyber onslaught include:
- Nusjukvården (Norrbotten County Council Healthcare)
- Sahlgrenska University Hospital
- Södersjukhuset (Southern Hospital)
- Sophiahemmet Hospital
- Akademiska Hospital
- Västra Götaland Region
- Ersta Diakoni
- Region Kalmar
- 1177 Vårdguiden (The Healthcare Guide 1177)
- Region Östergötland (Östergötland County Council)
- Region Sörmland (Sörmland County Council)
- Region Skåne
- Cancer Centrum
- Region Västerbotten
- Capio St. Göran’s Hospital
- Karolinska University Hospital
- Region Örebro County
- Danderyds Sjukhus (Danderyd Hospital)
Swedish Educational Sector Suffers Cyber Attacks
On February 11, 2023, major educational institutions in Sweden were targeted by significant cyber attacks. Anonymous Sudan, claimed these attacks.
Several key Swedish educational websites were targeted, including:
- University of Skövde
- Stockholm University
- Swedish University of Agricultural Sciences
- Dalarna University
- Uppsala University
- Karlstad University
Cyber Attacks Continue on Swedish Infrastructure Throughout February
Throughout February 2023, various key infrastructure elements of Sweden, including airlines, healthcare, education, and now the railway system, have been subjected to relentless cyber attacks.
| Target | Sector |
|---|---|
| Arlanda Express | Railways |
| Inlandsbanan | Railways |
| Jönköpings Länstrafik | Railways |
| Norrtåg | Railways |
| SJ (Statens Järnvägar) | Railways |
| BankID | Apps for Banking |
| e-legitimation | Apps for Banking |
| Freja eID | Apps for Banking |
| Kivra | Payment Systems |
| Avanza Bank | Payment Systems |
| Klarna | Payment Systems |
| Bankgirot | Payment Systems |
| Vattenfall | Powergrid/Energy |
| Ellevio | Powergrid/Energy |
| Fortum | Powergrid/Energy |
| Svenska kraftnät | Powergrid/Energy |
| Swedish Energy Agency | Energy Control Center |
| Stokab | Internet Tier – Root |
| STHIX (Stockholm Internet eXchange) | Internet Tier – Root |
| Netnod | Internet Tier – Root |
| Excedo Networks | Internet Tier – Root |
| IXP Manager IXOR | Internet Tier – Root |
| InfraCom | Internet Tier – Root |
| SOLIX | Internet Tier – Root |
| Lidero Networks | Internet Tier – Root |
| GleSYS | Domain and Host Services |
| Ports Group | Domain and Host Services |
| Loopia | Domain and Host Services |
| Saab Group | Military |
| Swedish Armed Forces | Military |
| Teracom | Military |
| Tele2 | Phone – Network – TV |
Cyber Attacks Continue: Anonymous Sudan Targets France and Australia
In March 2023, cyber attacks linked to Anonymous Sudan have expanded their scope to include France and Australia. These assaults appear to be driven by religious and cultural grievances and have now targeted airports, hospitals, and educational institutions in France, as well as the healthcare sector in Australia.
France
Airports:
- Aéroports de Paris
- Paris-Vatry Airport
- Lyon-Saint Exupéry Airport
- Marseille Provence Airport
- Bordeaux Airport
Healthcare:
- Assistance Publique – Hôpitaux de Paris
- Musée de l’Armée
- Besançon University Hospital
- Necker-Enfants Malades Hospital
- Foch Hospital
Education:
- University of Paris-Saclay
- PSL Research University
- Sorbonne Paris Cité
- University of Angers
- Aix-Marseille University
- University of Artois
Australia
The cyber attacks in Australia are reportedly a response to a perceived cultural offense during a fashion exhibition in Melbourne where designs of naked women contained Arabic words referencing “God Almighty”. The healthcare sector has been specifically targeted:
- Royal Adelaide Hospital
- Calvary Health Care
- Western Sydney Local Health District
- Burnside War Memorial Hospital
- Bethesda Hospital
- Visit Canberra
- The Royal Melbourne Hospital
- The Royal Children’s Hospital
Anonymous Sudan Escalates Cyber Attacks: Targets Denmark, Israel, and India
Anonymous Sudan has continued their wave of cyber attacks, now expanding their targets to include Denmark, Israel, and India in April 2023. Once again, the hacker group’s motives seem rooted in political and religious issues, specifically actions perceived as harmful towards Muslim populations and the Palestinian-Israeli conflict.
Denmark
Airports:
- Aalborg Airport
- Esbjerg Airport
- Billund Airport
- Midtjylland Airport
- Odense Hans Christian Andersen Airport
Israel
On April 7th, the group issued a significant threat against Israel, indicating a large-scale attack in response to perceived injustices in Palestine. They claim their attack capability includes 35 million requests per second (Layer 7) and up to 4 TB UDP – 1.7 TB SYN (Layer 4).
Anonymous Sudan’s Summer of Disruption: A Quick Timeline
Scandinavian Airlines Attack: May 24
The summer began with a severe disruption to Scandinavian Airlines (SAS). On May 24th, Anonymous Sudan successfully breached the airline’s website and mobile app. The fallout was significant: systems went offline, flight activities were disrupted, and passengers were stranded at airports.
Microsoft Targeted: June 5 – June 16
By June, Anonymous Sudan had a new target in its crosshairs: the technology behemoth, Microsoft. The hacker collective announced their intent on June 5th, with Microsoft later confirming the attack on June 16th. Although there were substantial disruptions to various Microsoft products and services, the company reassured users that there was no evidence of customer data being accessed or compromised.
Threats Against Financial Institutions: June 14
Mid-June saw a concerning announcement from Anonymous Sudan via their official Telegram channel. The group threatened a “massive attack” on European and US financial institutions, specifically targeting the SWIFT payment system. Anonymous Sudan stated they were in collaboration with other cybercriminal entities, KillNet and REvil, for this operation. The protest was against the West’s financial and military support of Ukraine.
KillNet’s Claims: June 16
Two days after the threatening announcement, KillNet posted about several Western financial systems it claimed to be targeting.
European Investment Bank Attacked: June 19
On June 19th, Anonymous Sudan announced an attack on the European Investment Bank. The bank later confirmed that it had been a victim of a DDoS attack, further emphasizing the global reach of Anonymous Sudan’s operations.
Anonymous Sudan their strategic approach
This hacker group, appears to have developed a strategic approach to their cyber-attacks, focusing on key sectors that are critical to a nation’s function and well-being.
Their main targets seem to be:
- Healthcare: By attacking hospitals and healthcare providers, they potentially disrupt critical medical services and potentially compromise sensitive patient data. This can cause significant distress and can have real-world implications for patient care.
- Education: The group targets educational institutions, including universities, which may disrupt learning, research activities, and administrative functions. Moreover, these institutions often hold a vast amount of personal data, making them attractive targets for hackers.
- Finance: Financial institutions such as banks or payment systems are often targeted due to their obvious economic importance. Successful attacks can lead to financial losses, disrupt economies, and undermine public confidence in these institutions.
- Critical Infrastructure: This includes airports, power grids, and official government websites, among others. Attacks on these services can cause massive disruptions, financial loss, and can impact national security.
Anonymous Sudan primarily utilizes Distributed Denial of Service (DDoS) attacks, which overload servers with an immense volume of requests, causing the targeted systems to slow down or crash. This disruption in services can lead to significant financial and reputational damage for the targeted organizations.
In some instances, the group demands a ransom to cease their attacks. These demands add another layer of complexity and potential financial burden to the victims of these cyber-attacks.
These strategies reflect a clear intent to cause widespread disruption and damage
