Hacktivist group Anonymous Sudan has launched a new wave of distributed denial of service (DDoS) cyberattacks this week, targeting French postal service La Poste, social network X and launching a renewed assault on fan fiction website Archive of Our Own, also known as AO3. The hackers are calling for X owner Elon Musk to help restore internet access to Sudan, which has been disrupted by the civil war.

Anonymous Sudan AO3
Anonymous Sudan attacks online entities in the US and Europe. (Photo by Millenius/Shutterstock)

The group, which has been very active in recent months, is widely believed to be an offshoot of Russian hacking gang Killnet masquerading as Sudanese cybercriminals.

Anonymous Sudan attacks X, La Poste and A03

La Poste was attacked by the gang yesterday, with its online services disrupted between 1pm and 10:30pm according to Down Detector. The gang bragged about the success of the DDoS attack on Telegram. “We wanted to ruin [French president Emmanuel] Macron’s day more, so we dropped all systems of La Poste,” the hackers wrote. 

The attack followed a strike against X, formerly known as Twitter, on Sunday, which saw the site go down in more than 12 countries for 45 minutes. Down Detector reported nearly 20,000 outages at the time of the attack. Again, the group took to Telegram with a message for Musk, who brought Twitter last year and rebranded it to X earlier this month.

“Make our message reach Elon Musk,” reads the post, “Open Starlink in Sudan”. The message is referring to Musk’s Starlink satellite internet service, which is not available in Sudan. The country has been suffering severe internet connectivity problems as a result of civil war, and in April it was reported it suffered a near total internet outage.

Today, the gang attacked the open-source fanfiction site Archive of Our Own, declaring on Telegram: “Archive of our Own, we downed you earlier today, enjoy part two.” The cybercrime gang attacked A03 last month in what it said was a protest at the types of content hosted on the site. At that time, AO3 was completely down, but it is currently up and running despite some users having reported issues accessing content.

Anonymous Sudan’s DDoS reign of terror

Previous successful cyberattacks by Anonymous Sudan include a breach of Nigerian telecoms company MTN, as well as hacks targeting the Kenyan government’s online infrastructure, Microsoft and the Port of Haifa in Israel. 

All the attacks are ostensibly in support of Sudan and other conflicts within the region. Though the group portrays itself as the Sudanese branch of the global hacking collective Anonymous, cybersecurity experts believe it is actually a collective backed by Russia’s intelligence service with close links to Killnet, a group that has launched many DDoS breaches against Ukraine and its allies since the start of the conflict in eastern Europe.

Anonymous Sudan has denied links to Russia, but analysts are sceptical. “Despite claiming to be Sudanese, the group’s social media posts are mostly written in Russian, with only a handful of posts written in Arabic,” states a recent report by security company Cyfirma. “The group has demonstrated a depth of understanding of [geopolitics] not commonly known in Sudan, but often exploited by actors tied to the Wagner-affiliated troll factories.”

Read more: Qakbot botnet dismantled by the FBI