Anonymous Sudan is a hacker group that has been active since mid-January 2023 and believed to have originated from
Russia with no links to Sudan or
Anonymous.[1][2] They have launched a variety of
distributed denial-of-service (DDoS) attacks against targets.
Origins and identity
Despite the name, there is no proven link between Anonymous Sudan and the country of
Sudan.[3][1][2] The group surfaced as a Russian-speaking
Telegram channel in mid-January.[4] Some experts,[5] including cybersecurity company
CyberCX,[2] believe the group originates from or is supported by Russia.[1] The group is also not linked to
Anonymous.[1][6]
Targets and motives
Anonymous Sudan claims to target countries and organizations engaging in self-described "anti-Muslim activity".[3] The group claims to be
anti-Zionist[7] and pro-Islam.[8][9] However, they have also collaborated with pro-Russian attack groups like
Killnet,[10] and their attacks seem to align with a pro-Russian agenda.[1]
On 8 June 2023, Anonymous Sudan claimed responsibility for a DDoS attack on
Azure portal which caused an outage of this and other Microsoft cloud services between ~15 UTC and ~17:30 UTC.[25]
During the
War in Sudan between the
Sudanese Armed Forces (SAF) and
Rapid Support Forces (RSF), Anonymous Sudan launched cyberattacks on the
Kenyan government and private websites in the last week of July 2023, in retaliation for the country's support of the RSF.[26][27] In January and February 2024, Anonymous Sudan claimed to have disabled all internet services in Chad[28] and Djibouti, respectively, as part of a cyberattack to protest the country's relations with the RSF.[29] The group continued attacking
Intergovernmental Authority on Development (IGAD) countries[30] (including Uganda in February) due to their backing of the RSF.[31] The group also attacked the United Arab Emirates, a major supporter of the RSF.[32]
On 10 July 2023, Anonymous Sudan attacked fanfiction site
Archive of Our Own with a
denial-of-service attack. Anonymous Sudan claimed responsibility in a
Telegram post, saying the act was motivated by the website's United States registration and its inclusion of sexual and
LGBT content.[33][34] The group then demanded $30,000 worth of
Bitcoin within 24 hours to end the attack.[33][34] The site came back online the next day with
Cloudflare protection added.[35]
During the
Israel–Hamas war, media teams operating in the region have been exposed to various kinds of cyberattack. The Jerusalem Post website went down on 9 October 2023, with Anonymous Sudan claiming responsibility. The Palestinian Authority news agency
Wafa also experienced a cyberattack on 18 October 2023, as did
Al-Jazeera English on 31 October 2023 and
Al-Mamlaka TV on 3 November 2023.[36] In November 2023, the group targeted Israel infrastructure.[37][38]
In December 2023, Anonymous Sudan launched a
DDoS attack on
ChatGPT[39][40][41] after Tal Broda, a member of
OpenAI's leadership, made a social media post
dehumanizing Palestinians, calling for more intense bombing in Gaza, and advocating
ethnic cleansing.[42][43]
The group targeted systems at the
University of Cambridge and the
University of Manchester on 19 February 2024, citing the United Kingdom's support for
Israel in the Israel–Hamas War, and targeting these specific universities "because they are the biggest ones" they could find. Disruption was largely over by 20 February though some systems were still affected.[45]