A group known as “Anonymous Sudan” has been conducting distributed denial of service (DDoS) attacks against targets in France, Germany, the Netherlands, and Sweden. The attacks are apparently in retaliation for perceived anti-Islamic activity in each of these countries. The group, which may actually be a subgroup of the Russian hacktivist collective Killnet, has stolen data from Air France’s website in addition to conducting DDoS attacks. The attacks on Swedish government and business entities followed an incident of Quran-burning in Stockholm.
Researchers from Trustwave, who have been tracking Anonymous Sudan for the past several months, this week said there is some evidence to suggest the group is a front for Killnet.
In a report, Trustwave said its researchers have not been able to confirm if Anonymous Sudan is, in fact, based in Sudan or if any of its members are from that country. The group’s Telegram posts are in Russian and English, and other telemetry instead points to at least some of its members being Eastern European.
Just as with Killnet, all of Anonymous Sudan’s targets have been in countries that have opposed Russia’s invasion of Ukraine and/or have assisted the latter in some way. Its most recent threat, on March 24, to attack targets in Australia fits into the same pattern, as does a DDoS attack against Israeli cybersecurity vendor Radware.
Also just like Killnet, Anonymous Sudan has mostly employed DDoS attacks to send its message to intended targets. And both Killnet and Anonymous Sudan have made claims on their respective Telegram channels that officially link the two groups to each other. In January, for instance, Anonymous Sudan claimed to have assisted Killnet in a DDoS attack against Germany’s Federal Intelligence Service, Trustwave said.
Anonymous Sudan’s Killnet Links
Trustwave researchers are unclear why Anonymous Sudan would brand itself as a pro-Islamic group instead of a pro-Russian group allied with or part of Killnet. The hacktivist collective Killnet has been active in the months since Russia’s invasion of Ukraine, claiming credit for and launching numerous DDoS attacks on organizations worldwide. Killnet has described these attacks as retaliation against US-led support for Ukraine in the war.
Anonymous Sudan has a similar threat level to Killnet, characterized as a low to medium sophistication level by Trustwave SpiderLabs security researcher Jeannette Dickens-Hale. Both groups mainly launch DDoS attacks and threaten extortion with data they may or may not have. The recent attack by Anonymous Sudan against Air France and the threat to sell its data could indicate an escalation in motivation and attack type. Despite being a medium severity threat at worst, the threat posed by Killnet and Anonymous Sudan cannot be ignored.
Killnet’s “Black Skills” Launch
Researchers are keeping a close watch on Killnet’s persistent efforts to gain support for its activities, often through exaggerated claims of success. This week, Flashpoint reported that Killnet’s leader, known as “Killmilk,” announced the formation of a private military hacking group named “Black Skills.” According to security experts, this is an attempt to position Killnet as the cyber equivalent of the Russian mercenary operation, the Wagner Group.
In March, Killnet also announced a DDoS-as-a-service offering called “Black Listing,” which Flashpoint sees as another effort by the group to establish a more formal identity for itself. Flashpoint researchers concluded that “Black Skills/Black Listing appear to be an attempt from Killnet to establish itself as a corporate identity.” They believe that the new group will be organized and structured, with subgroups responsible for payroll, public relations, technical support, pen testing, data collection and analysis, information operations, and targeted attacks.
Author: Jai Vijayan, Contributing Writer, Dark Reading