DDoS attackers – hacktivists or state-backed actors?

CyberCX, a cybersecurity firm operating across New Zealand and Australia, has issued a security update about Anonymous Sudan, which is alleged to have been responsible for at least 24 distributed denial of service (DDoS) attacks against Australian organisations in the aviation, healthcare, and education sectors this year.

Microsoft has blamed Anonymous Sudan on attacks that resulted in outages across its Outlook, OneDrive, and Azure services and the hacking group has also targeted the European banking sector.

Why would a hacktivist group lined to Sudan target Australian organisations? Good question, says CyberCX, which suggests the group behind the DDoS attacks may actually be a “threat actor affiliated with the Russian state”.

Screenshot 2023-06-20 at 12.42.50 PM.png

A Telegram message from Anonymous Sudan

CyberCX has observed and investigated several attacks and claims operations under ‘Anonymous Sudan’ commenced in January 2023 via the Telegram messaging platform. It appears the group took the same name as a 2019 anti-Russian, pro-Ukraine operation also called Anonymous Sudan.

Anonymous Sudan claimed responsibility for DDoS attacks on Australian organisations between 24 March and 1 April 2023. The ‘opAustralia’ campaign of attacks was initiated in March by a purportedly Pakistani hacktivist group in response to clothing bearing the Arabic text “God walks with me”, displayed at the Melbourne Fashion Festival, CyberCX reported.

But analysis of the activity of Anonymous Sudan suggests a well-funded and possible state backer.

“This assessment is based on a range of tradecraft observations, including Anonymous Sudan’s sustained, routine use of paid infrastructure, which is likely to have a substantial cost. Anonymous Sudan primarily targets Western organisations in the government, media, healthcare and transport sectors,” CyberCX noted today.

“The organisation is publicly aligned with pro-Russian threat actors and is a member of the pro-Russia hacktivist collective, Killnet. Persistent low-level disruption of Western countries is consistent with established Russian information warfare strategies. Anonymous Sudan also primarily posts in English and Russian, with its first Arabic post more than a month after its creation,” it adds.

Expect Anonymous to “continue to increase its tempo of operations over the next three months”, according to CyberCX. That could mean more DDoS attacks in Australia. If the attacks are indeed part of a Russian information warfare campaign, New Zealand may well be a target too.

Source: ITP New Zealand Tech Blog

Posted in Uncategorised and tagged .