Anonymous Sudan has threatened to conduct distributed denial of service (DDoS) attacks on the critical national infrastructure (CNI) of “any country that tries to act in a harmful manner against Sudan,” according to a video released by the hacktivist group last night. The threat comes six days after the group mounted a successful cyberattack against the Nigerian telecoms company MTN, as well as a spate of attacks in recent months targeting a fan-fiction site, Microsoft and the port of Haifa, Israel.
The conflict, which has been raging since May between the Sudanese Armed Forces and the rogue paramilitary Rapid Support Forces, has drawn condemnation from the US, the EU and the UK. Any organisations in the public and private sectors whose websites are critical to the running of their businesses or the day-to-day lives of constituents should invest in DDoS protection, experts have told Tech Monitor.
Anonymous Sudan threats
The video released by the gang last night includes threats of DDoS campaigns targeting countries that “meddle in Sudan affairs”, which the gang claims will cost victims of these attacks “millions upon millions.” Allegations of meddling in Sudan’s affairs are likely to refer to sanctions imposed by the UK, EU and US against both the Sudanese Armed Forces and the Rapid Support Forces. Anonymous Sudan’s spokesperson went on to cite the group’s DDoS attacks against targets in Kenya as an example of what foreign powers could face in the coming months. “We will organise a long campaign,” they said, “making sure everything is targeted, from A-Z, with no mercy.”
The masked hacker continues with veiled threats against members of the international community supposedly involved in aiding or abetting the current conflict. “We are also against oppression,” they said, “and any other country that oppresses others will also be targeted. There will be no exceptions. We will make sure to attack the critical national infrastructure of any said country very violently and start a long, organised hacking campaign against them.”
In its short history, Anonymous Sudan has adopted a scattergun approach toward hacking, explains Allan Liska, a threat intelligence analyst at Recorded Future. The group “hit[s] anything and everything and hope something sticks,” says Liska, targeting websites and infrastructure across Europe and sub-Saharan Africa.
The recent coup in Niger, which was quickly followed by threats of armed intervention by Nigeria and other states to restore democracy and the rule of law, has also met with Anonymous Sudan’s ire. “The Nigerian Government decided to stand with French Imperialists and fight Niger,” the gang’s Telegram channel reads, referring to France’s support for the overthrow of the new Nigerien junta. “No problem: we will stand with our African and Muslim brothers and you will be f****d. French plans in Sahel and Africa will not succeed.”
Though the group portrays itself as the Sudanese branch of the global hacking collective Anonymous, cybersecurity experts believe that Anonymous Sudan is actually a product of Russia’s intelligence services (the hacktivist group has denied this allegation). ‘Despite claiming to be Sudanese, the group’s social media posts are mostly written in Russian, with only a handful of posts written in Arabic,’ states a recent report by security company Cyfirma. ‘The group has demonstrated a depth of understanding of [geopolitics] not commonly known in Sudan, but often exploited by actors tied to the Wagner-affiliated Troll Factory.’
Russia itself has shown an active interest in the internal affairs of multiple sub-Saharan African nations in recent years, keen to win international allies in a region with longstanding grievances against France and other Western powers. The mercenary Wagner Group, led by former Putin ally and personal chef Yevgeny Prigozhin, is currently providing security for the government of the Central African Republic and has allegedly supplied missiles to Sudan’s Rapid Support Forces. Despite mounting an armed insurrection against the Russian government in June, Wagner is still considered to be its armed proxy in the region.
Protecting against DDoS attacks
Cyberattacks against critical national infrastructure could affect millions of citizens, warns the UK’s National Risk Register. “Depending on the nature of the attack, disruption could last for up to 72 hours, but could extend into weeks or months,” it reads. “Protracted failure could threaten the financial stability of the UK or cause significant disruption to the wider UK economy.”
Anonymous Sudan has previously demonstrated its competence in mounting DDoS attacks, argues Liska. As such, says the cybersecurity expert, organisations in potentially targeted countries should invest in the necessary protections. “It’s a matter of risk – how much of a threat is a DDoS attack against your website? If it’s critical to operations, spend the money,” he warns. “If taking a website offline will be disruptive to clients or constituents, these companies should probably engage in some level of DDoS protection.”