A Timeline of Anonymous Sudan’s Attacks on Global Sectors

Estimated read time 11 min read

Since its inception on January 18, 2023, Anonymous Sudan, a self-identified cyber-activist group, has rapidly gained notoriety for its aggressive campaigns against selected nations and entities. The group’s actions and motivations present a significant case study in the evolution of cyber warfare tactics.

Anonymous Sudan Timeline view

Anonymous Sudan Timeline view
Anonymous Sudan Timeline view

The Birth of the Anonymous Sudan Telegram Channel

Born out of opposition to perceived international hostilities towards Sudan, the Anonymous Sudan Telegram channel issued a clear and straightforward initial statement: “We will attack any country with cyber attacks against those who oppose Sudan.”

January 18, 2023, the birth of the Anonymous Sudan Telegram Channel
January 18, 2023, the birth of the Anonymous Sudan Telegram Channel

The Swedish Offensive

Only five days after their creation, on January 23, 2023, Anonymous Sudan targeted a variety of Swedish sites, ostensibly as a reaction to incidents involving the desecration of the holy Qur’an in the country. The affected websites represented a diverse range of sectors, from governmental institutions and military to education, banking, and even airports.

The Swedish Offensive
The Swedish Offensive

Among those targeted were the Swedish Armed Forces, Sweden‘s central bank, and the official website of the Swedish Police. This broad and intense offensive on Swedish cyberspace underscored the group’s capabilities and set a precedent for its future actions.

Takedown of Pegida Websites

In a separate operation, Anonymous Sudan targeted and successfully took down the websites of the Pegida movement, a German nationalist, anti-Islam, far-right political organization. The targeted sites included Pegida’s official websites in the Netherlands and Germany.

The Netherlands Targeted

Dutch Police illustration
Dutch Police illustration

The Netherlands didn’t escape the group’s attention, either. On January 24, 2023, Anonymous Sudan set its sights on several Dutch websites. This campaign targeted the official websites of the Dutch Police, the Government of the Netherlands, and various other government departments. Even the website of the municipality of The Hague was affected in this attack.

German Airports Under Attack

The following day, on January 25, the group moved its focus to German airports. Frankfurt-Hahn Airport and Stuttgart Airport’s official websites were among the notable targets.

The Dutch Airport Offensive

On January 27, 2023, the group’s focus was back on Dutch soil, but this time the targets were the country’s airports. Major airports, including Rotterdam The Hague Airport, Maastricht Aachen Airport, Amsterdam Airport Schiphol, and Eindhoven Airport, were all victims of the group’s concerted cyber-attack.

Dutch Medical Infrastructure Targeted

On January 28, 2023, Anonymous Sudan launched a cyber-attack on the Dutch healthcare sector. The attack marked a departure from the group’s previous campaigns, targeting instead essential services that directly impact people’s health and wellbeing.

The cyber-attacks were directed towards several key medical institutions in the Netherlands. Some of the targeted institutions included notable university medical centers such as the UMC Utrecht, Leiden University Medical Center (LUMC), Radboud University Medical Center, and Maastricht University Medical Center (MUMC).

Dutch Medical Infrastructure Targeted
Dutch Medical Infrastructure Targeted

But university medical centers weren’t the only entities targeted. Other hospitals like Erasmus Medical Center, Catharina Hospital, Jeroen Bosch Hospital, Máxima Medical Center, Medisch Spectrum Twente, and Reinier de Graaf Hospital also found themselves under attack.

The targeting of healthcare infrastructure represents a dangerous escalation in Anonymous Sudan’s activities. While cyber-attacks on government or financial institutions can cause significant disruption, attacks on healthcare facilities could potentially have life-threatening consequences.

Anonymous Sudan Attacks Denmark’s Government Websites

On January 29th, 2023, Anonymous Sudan continued their wave of cyber-attacks by targeting governmental websites in Denmark. The group stated the motive behind these attacks was Denmark’s alleged burning of the holy Qur’an.

The attack encompassed a broad spectrum of Danish government websites, including the police, health authority, foreign affairs ministry, central bank, and armed forces. Each of these attacks was confirmed by a report on Check Host, a service that monitors the status and health of websites.

Anonymous Sudan Launches a Cyber Onslaught on U.S. Healthcare and Border Protection

On February 2, 2023, Anonymous Sudan broadened its target landscape to include U.S. healthcare institutions and the Department of Homeland Security’s Customs and Border Protection (CBP) portal. This follows a pattern of the group’s ongoing cyber warfare, which has previously impacted various countries worldwide.

The series of attacks on February 2nd targeted a mix of medical institutions and organizations across the United States. The affected organizations ranged from general health services, such as Lovelace and the University of Colorado Health, to more specialized healthcare institutions like Hudson Regional Hospital and the Jackson Health System’s transplant department.

In a unique twist, Anonymous Sudan also targeted the web Automated Manifest System (AMS) of the U.S. CBP. This service is essential for managing and tracking cargo shipments, and any disruption to its operations could significantly impact U.S. border activities.

Anonymous Sudan Collaborates with Other Hacker Groups to Target Microsoft

On February 3, 2023, Anonymous Sudan ramped up its cyber offensive, reportedly in cooperation with other hacker groups, to target Microsoft’s official website. The group expressed solidarity with Russian hackers, thanking them for their previous support of Sudan.

February 3, 2023, Anonymous Sudan
February 3, 2023, Anonymous Sudan

A reported outage of Microsoft’s primary web presence was confirmed by a Check Host report. This attack marks a significant escalation of Anonymous Sudan’s activities, as Microsoft represents a primary cornerstone of the global technology infrastructure.

This recent attack signifies a shift in the landscape of cyber warfare, highlighting the emergence of cross-national hacker alliances. Alongside Anonymous Sudan, the ‘Infinity Hackers Group,’ ‘KILLNET,’ and ‘ANONYMOUS RUSSIA’ are mentioned.

Anonymous Sudan Continues to Ramp Up Cyber Attacks

Anonymous Sudan and its associated hacker alliances have reportedly continued their aggressive campaign of cyber attacks, targeting numerous prominent websites, including Yahoo, UPS, Uscellular, AT&T, NASA, and even cybersecurity provider Radware. The continued campaign signifies an escalation in the severity of these cyber threats.

Between February 4 and February 7, 2023, the hackers successfully took down websites belonging to tech giant Yahoo, logistics company UPS, telecom operators Uscellular and AT&T, and space agency NASA. Radware, a cybersecurity company offering DDoS protection services, was also targeted, underlining the audacity of these hackers.

On February 8th, 2023, the hacking collective continued their campaign by successfully taking down several Swedish airports’ websites, adding another critical industry – air travel – to their list of targets.

Swedish Healthcare Sector Hit by Cyber Attacks

On February 10, 2023, a multitude of Swedish hospitals and healthcare providers fell victim to significant cyber attacks. The hackers, claiming to represent Anonymous Sudan, targeted the health sector to retaliate for the alleged burning of the holy Quran in Sweden.

Swedish Healthcare Sector Hit by Cyber Attacks
Swedish Healthcare Sector Hit by Cyber Attacks

Key health sector websites affected by the cyber onslaught include:

  • Nusjukvården (Norrbotten County Council Healthcare)
  • Sahlgrenska University Hospital
  • Södersjukhuset (Southern Hospital)
  • Sophiahemmet Hospital
  • Akademiska Hospital
  • Västra Götaland Region
  • Ersta Diakoni
  • Region Kalmar
  • 1177 Vårdguiden (The Healthcare Guide 1177)
  • Region Östergötland (Östergötland County Council)
  • Region Sörmland (Sörmland County Council)
  • Region Skåne
  • Cancer Centrum
  • Region Västerbotten
  • Capio St. Göran’s Hospital
  • Karolinska University Hospital
  • Region Örebro County
  • Danderyds Sjukhus (Danderyd Hospital)

Swedish Educational Sector Suffers Cyber Attacks

On February 11, 2023, major educational institutions in Sweden were targeted by significant cyber attacks. Anonymous Sudan, claimed these attacks.

Several key Swedish educational websites were targeted, including:

  • University of Skövde
  • Stockholm University
  • Swedish University of Agricultural Sciences
  • Dalarna University
  • Uppsala University
  • Karlstad University

Cyber Attacks Continue on Swedish Infrastructure Throughout February

Throughout February 2023, various key infrastructure elements of Sweden, including airlines, healthcare, education, and now the railway system, have been subjected to relentless cyber attacks.

Arlanda ExpressRailways
Jönköpings LänstrafikRailways
SJ (Statens Järnvägar)Railways
BankIDApps for Banking
e-legitimationApps for Banking
Freja eIDApps for Banking
KivraPayment Systems
Avanza BankPayment Systems
KlarnaPayment Systems
BankgirotPayment Systems
Svenska kraftnätPowergrid/Energy
Swedish Energy AgencyEnergy Control Center
StokabInternet Tier – Root
STHIX (Stockholm Internet eXchange)Internet Tier – Root
NetnodInternet Tier – Root
Excedo NetworksInternet Tier – Root
IXP Manager IXORInternet Tier – Root
InfraComInternet Tier – Root
SOLIXInternet Tier – Root
Lidero NetworksInternet Tier – Root
GleSYSDomain and Host Services
Ports GroupDomain and Host Services
LoopiaDomain and Host Services
Saab GroupMilitary
Swedish Armed ForcesMilitary
Tele2Phone – Network – TV
Overview of targets mentioned by Anonymous Sudan on their Telegram channel

Cyber Attacks Continue: Anonymous Sudan Targets France and Australia

In March 2023, cyber attacks linked to Anonymous Sudan have expanded their scope to include France and Australia. These assaults appear to be driven by religious and cultural grievances and have now targeted airports, hospitals, and educational institutions in France, as well as the healthcare sector in Australia.



  • Aéroports de Paris
  • Paris-Vatry Airport
  • Lyon-Saint Exupéry Airport
  • Marseille Provence Airport
  • Bordeaux Airport


  • Assistance Publique – Hôpitaux de Paris
  • Musée de l’Armée
  • Besançon University Hospital
  • Necker-Enfants Malades Hospital
  • Foch Hospital


  • University of Paris-Saclay
  • PSL Research University
  • Sorbonne Paris Cité
  • University of Angers
  • Aix-Marseille University
  • University of Artois


The cyber attacks in Australia are reportedly a response to a perceived cultural offense during a fashion exhibition in Melbourne where designs of naked women contained Arabic words referencing “God Almighty”. The healthcare sector has been specifically targeted:

  • Royal Adelaide Hospital
  • Calvary Health Care
  • Western Sydney Local Health District
  • Burnside War Memorial Hospital
  • Bethesda Hospital
  • Visit Canberra
  • The Royal Melbourne Hospital
  • The Royal Children’s Hospital

Anonymous Sudan Escalates Cyber Attacks: Targets Denmark, Israel, and India

Anonymous Sudan has continued their wave of cyber attacks, now expanding their targets to include Denmark, Israel, and India in April 2023. Once again, the hacker group’s motives seem rooted in political and religious issues, specifically actions perceived as harmful towards Muslim populations and the Palestinian-Israeli conflict.



  • Aalborg Airport
  • Esbjerg Airport
  • Billund Airport
  • Midtjylland Airport
  • Odense Hans Christian Andersen Airport


On April 7th, the group issued a significant threat against Israel, indicating a large-scale attack in response to perceived injustices in Palestine. They claim their attack capability includes 35 million requests per second (Layer 7) and up to 4 TB UDP – 1.7 TB SYN (Layer 4).

Anonymous Sudan’s Summer of Disruption: A Quick Timeline

Scandinavian Airlines Attack: May 24

The summer began with a severe disruption to Scandinavian Airlines (SAS). On May 24th, Anonymous Sudan successfully breached the airline’s website and mobile app. The fallout was significant: systems went offline, flight activities were disrupted, and passengers were stranded at airports.

Microsoft Targeted: June 5 – June 16

By June, Anonymous Sudan had a new target in its crosshairs: the technology behemoth, Microsoft. The hacker collective announced their intent on June 5th, with Microsoft later confirming the attack on June 16th. Although there were substantial disruptions to various Microsoft products and services, the company reassured users that there was no evidence of customer data being accessed or compromised.

Threats Against Financial Institutions: June 14

Mid-June saw a concerning announcement from Anonymous Sudan via their official Telegram channel. The group threatened a “massive attack” on European and US financial institutions, specifically targeting the SWIFT payment system. Anonymous Sudan stated they were in collaboration with other cybercriminal entities, KillNet and REvil, for this operation. The protest was against the West’s financial and military support of Ukraine.

KillNet’s Claims: June 16

Two days after the threatening announcement, KillNet posted about several Western financial systems it claimed to be targeting.

European Investment Bank Attacked: June 19

On June 19th, Anonymous Sudan announced an attack on the European Investment Bank. The bank later confirmed that it had been a victim of a DDoS attack, further emphasizing the global reach of Anonymous Sudan’s operations.

Anonymous Sudan their strategic approach

Anonymous Sudan their strategic approach
Anonymous Sudan their strategic approach

This hacker group, appears to have developed a strategic approach to their cyber-attacks, focusing on key sectors that are critical to a nation’s function and well-being.

Their main targets seem to be:

  1. Healthcare: By attacking hospitals and healthcare providers, they potentially disrupt critical medical services and potentially compromise sensitive patient data. This can cause significant distress and can have real-world implications for patient care.
  2. Education: The group targets educational institutions, including universities, which may disrupt learning, research activities, and administrative functions. Moreover, these institutions often hold a vast amount of personal data, making them attractive targets for hackers.
  3. Finance: Financial institutions such as banks or payment systems are often targeted due to their obvious economic importance. Successful attacks can lead to financial losses, disrupt economies, and undermine public confidence in these institutions.
  4. Critical Infrastructure: This includes airports, power grids, and official government websites, among others. Attacks on these services can cause massive disruptions, financial loss, and can impact national security.

Anonymous Sudan primarily utilizes Distributed Denial of Service (DDoS) attacks, which overload servers with an immense volume of requests, causing the targeted systems to slow down or crash. This disruption in services can lead to significant financial and reputational damage for the targeted organizations.

In some instances, the group demands a ransom to cease their attacks. These demands add another layer of complexity and potential financial burden to the victims of these cyber-attacks.

These strategies reflect a clear intent to cause widespread disruption and damage

Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author