View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 5, 2023updated 21 Aug 2023 3:32pm

Anonymous Sudan claims Microsoft cyberattack and threatens the state of Israel

The gang says it plans to attack its supposed enemies in the Middle East. Experts believe the group is linked to Russia.

By Claudia Glover

Hacktivism gang Anonymous Sudan is threatening to attack Israel after claiming to have stolen 30 million customer accounts from Microsoft. The group masquerades as an Islamist terrorist gang with links to the original Anonymous hacktivist collective, but appears to be more closely connected to Russian hackers such as Killnet, Usersec, Passion Group and MistNet.

Hacking gang Anonymous Sudan has been busy in recent weeks, but probably has no links to the North East African country (Photo by BUTENKOV ALEKSEI/Shutterstock)

The gang’s has had an uptick in activity over recent weeks, which could be due to an increase in affiliates or funding.

Anonymous Sudan ‘attacks Microsoft’ and threatens Israel

Late last night, Anonymous Sudan posted its plans to attack Israel on its Telegram channel. Written in both English and Arabic, the message reads, “We are watching the events… When Gaza starts bombing Israel… We will start our mission.”

The gang posts frequently about links between the United Arab Emirates and Israel, claiming that they are one and the same, and that the UAE is using Israeli cyber protections to deflect Anonymous Sudan’s cyberattacks. 

“UAE begged it’s Israeli masters to defend from our attacks, without knowing we have f****d their Israeli masters and they cant [sic] even defend themselves let alone anyone else,” reads the post. “We will f*** Israel and the UAE collectively soon.” 

On Israeli Independence day, April 26, the gang claims to have conducted a distributed denial of service (DDoS) attack on Israeli Prime Minister Benjamin Netanyahu’s website, making it inaccessible. This appears to have marked the start of the group’s current anti-Israel campaign.

Annoymous Sudan has targeted victims for religious and socio-political reasons, says Louise Ferrett, a researcher from security company Searchlight Security. “Entities from this country were targeted largely due to their current disputes with the Palestinian people,” she says. Furthermore, the group also attacked entities in the UAE due to their “recent collaboration with Israel and because they allegedly supported ‘rebellious’ factions in Sudan,” Ferrett explains.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

An attack on Microsoft?

The gang also claims to have attacked Microsoft. Over the weekend Anonymous Sudan posted to the same Telegram Channel that it had pilfered 30 million Microsoft customer accounts and had them for sale to the highest bidder on the dark web.

The post was asking readers to contact them via Telegram to organise a deal to retrieve the data. The claims were denied by Microsoft, with a company spokesperson claiming that “at this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data.”

The spokesperson added: “We have seen no evidence that our customer data has been accessed or compromised.” Anonymous Sudan may have found publicly available Microsoft data to pass it off as freshly stolen information, a technique often deployed by low-skill cybercriminals.

But the gang has carried out a successful attack on Microsoft. As reported by Tech Monitor last week, the tech giant has admitted that a successful DDoS attack by the gang last month took down its Office 365 services.

Anonymous Sudan and Killnet

Despite its name, security researchers believe the group is actually made up of Russian hackers. According to a report released by security company Flashpoint, “evidence suggests that Anonymous Sudan are likely state-sponsored Russian actors masquerading as Sudanese actors with Islamist motivations, as cover for their actions against western, or western-aligned, entities.”

Ferrett agrees that the gang is unlikely to be related to the original hacking gang going by the name Anonymous Sudan. “The original Anonymous Sudan collective was first seen during the 2019 political instability period in Sudan,” she says. “This group was anti-Russia and active in local street protests as well.”

The current group, Ferrett says, “appears to be pro-Russia”. She explains: “Current partners of the gang include KillNet, UserSec, Passion Net and MistNet”. All of these groups are pro Russian hacktivist gangs, according to a report by security company Radware.

There has been an uptick in Anonymous Sudan’s actions recently, Ferrett says. “It remains unclear why their activities have intensified in recent times, but it could be related to additional affiliates joining the cause or due to additional funding, leading to upgrades in their infrastructure and technical capabilities,” she explains.

Read more: Microsoft is now a cybersecurity titan. That could be a problem

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.