Originating in the heart of Africa, a group known as Anonymous Sudan has made a significant impact on the global cyber scene. Driven by strong religious beliefs, these hackers have launched a wave of cyber attacks, primarily denial-of-service campaigns, against numerous Swedish and Danish organizations, including critical infrastructure. These attacks, tagged #OpSweden and #OpDenmark, have been ongoing since January 23, 2023.
Identifying as “hacktivists,” the group’s actions are reportedly a reaction to the activities of a prominent far-right activist named Rasmus Paludan, a dual citizen of Denmark and Sweden. Paludan sparked outrage by burning a copy of the Quran in Sweden on January 21, 2023. He also pledged to continue such acts in Denmark until Sweden becomes a NATO member.
March 2023 saw Anonymous Sudan embarking on an extensive campaign, targeting French universities, medical facilities, and airports. The group cited a cartoon depicting Prophet Muhammad, allegedly a reference to the contentious Charlie Hebdo illustrations, as the motivation behind the attacks.
During the same timeframe, the group also claimed responsibility for leaking data from several airlines and payment providers, suggesting that they had infiltrated these organizations and were offering sensitive data for sale.
Due to shared objectives regarding Sweden, Killnet, a known cluster of hacktivists targeting Western nations and countries opposing Russia, acknowledged Anonymous Sudan as an official member.
Despite suggestions that Anonymous Sudan could be a false flag operation by the Russian government, only indirect evidence is available. A Danish journalist confirmed in an interview that the group’s leader is a proficient Arabic speaker and practices Islam.
On June 6, 2023, Microsoft’s Azure Portal faced an outage as Anonymous Sudan declared that it was initiating a DDoS attack against the site. The portal displayed an error message and appeared to be unavailable, while the mobile app appeared to be unaffected.
Microsoft acknowledged the incident on their Azure status page, confirming their awareness and attempts to mitigate the issue. In a post last updated at 16:35 UTC on June 9, 2023, Microsoft stated that they had identified a potential root cause and were actively applying load balancing processes to address the problem.
At the same time, Anonymous Sudan, via their Telegram channel, shared an image of the Azure portal’s unavailability, taking credit for the DDoS attack.
They stated their goal as a hacktivist group targeting US companies in protest of the United States’ involvement in Sudanese internal affairs. However, speculation persists that this could be a ruse and that the actual threat actors may be Russian.
Regardless of the threat actor’s origins, this development has cast a shadow over Microsoft’s operations, with multiple Microsoft web portals, including Outlook.com and OneDrive, also suffering from simultaneous outages. Although Microsoft hasn’t confirmed if these outages were due to DDoS attacks, they did imply that the issues weren’t merely technical.
“We are aware of these claims and are investigating. We are taking the necessary steps to protect customers and ensure the stability of our services,” Microsoft said in a statement to BleepingComputer. While Microsoft has been contacted again regarding whether the services were down due to a DDoS attack, they have yet to provide a response.