Hacktivism gang Anonymous Sudan is threatening to attack Israel after claiming to have stolen 30 million customer accounts from Microsoft. The group masquerades as an Islamist terrorist gang with links to the original Anonymous hacktivist collective, but appears to be more closely connected to Russian hackers such as Killnet, Usersec, Passion Group and MistNet.
The gang has had an uptick in activity over recent weeks, which could be due to an increase in affiliates or funding.
Anonymous Sudan ‘attacks Microsoft’ and threatens Israel
Late last night, Anonymous Sudan posted its plans to attack Israel on its Telegram channel. Written in both English and Arabic, the message reads, “We are watching the events… When Gaza starts bombing Israel… We will start our mission.”
The gang posts frequently about links between the United Arab Emirates and Israel, claiming that they are one and the same, and that the UAE is using Israeli cyber protections to deflect Anonymous Sudan’s cyberattacks.
“UAE begged it’s Israeli masters to defend from our attacks, without knowing we have f****d their Israeli masters and they cant [sic] even defend themselves let alone anyone else,” reads the post. “We will f*** Israel and the UAE collectively soon.”
On Israeli Independence Day, April 26, the gang claims to have conducted a distributed denial of service (DDoS) attack on Israeli Prime Minister Benjamin Netanyahu’s website, making it inaccessible. This appears to have marked the start of the group’s current anti-Israel campaign.
Anonymous Sudan has targeted victims for religious and socio-political reasons, says Louise Ferrett, a researcher from security company Searchlight Security. “Entities from this country were targeted largely due to their current disputes with the Palestinian people,” she says. Furthermore, the group also attacked entities in the UAE due to their “recent collaboration with Israel and because they allegedly supported ‘rebellious’ factions in Sudan,” Ferrett explains.
An attack on Microsoft?
The gang also claims to have attacked Microsoft. Over the weekend, Anonymous Sudan posted to the same Telegram channel that it had pilfered 30 million Microsoft customer accounts and had them for sale to the highest bidder on the dark web.
The post asked readers to contact the gang via Telegram to organise a deal to retrieve the data. The claims were denied by Microsoft, with a company spokesperson claiming that “at this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data.”
The spokesperson added: “We have seen no evidence that our customer data has been accessed or compromised.” Anonymous Sudan may have found publicly available Microsoft data and passed it off as freshly stolen information, a technique often deployed by low-skill cybercriminals.
But the gang has carried out a successful attack on Microsoft. As reported by Tech Monitor last week, the tech giant has admitted that a successful DDoS attack by the gang last month took down its Office 365 services.
Anonymous Sudan and Killnet
Despite its name, security researchers believe the group is actually made up of Russian hackers. According to a report released by security company Flashpoint, “evidence suggests that Anonymous Sudan are likely state-sponsored Russian actors masquerading as Sudanese actors with Islamist motivations, as cover for their actions against western, or western-aligned, entities.”
Ferrett agrees that the gang is unlikely to be related to the original hacking gang going by the name Anonymous Sudan. “The original Anonymous Sudan collective was first seen during the 2019 political instability period in Sudan,” she says. “This group was anti-Russia and active in local street protests as well.”
The current group, Ferrett says, “appears to be pro-Russia”. She explains: “Current partners of the gang include KillNet, UserSec, Passion Net and MistNet”. All of these groups are pro-Russian hacktivist gangs, according to a report by security company Radware.
There has been an uptick in Anonymous Sudan’s actions recently, Ferrett says. “It remains unclear why their activities have intensified in recent times, but it could be related to additional affiliates joining the cause or due to additional funding, leading to upgrades in their infrastructure and technical capabilities,” she explains.