Anonymous Sudan: The Hacktivist Group Known for Cyber Attacks on Governments and Institutions

Updated: Oct 10, 2023

Anonymous Sudan, a hacktivist group allegedly based in Sudan and part of the larger Anonymous network, has claimed responsibility for several unverified distributed denial of service (DDoS) and website defacement attacks. The cybersecurity company CYE has published a detailed blog post on the group.

The group is known for conducting various types of cyberattacks to raise awareness about specific political and social issues. It has cited geopolitical events that it perceives as anti-Muslim as the catalyst for its DDoS attacks.

Recently, from March 16 to March 23, 2023, Anonymous Sudan and Killnet claimed responsibility for cyberattacks that targeted the Latvian governmental project “School 2030”; NASA; Poligun Team, a Precision Rifle Series-affiliated club located in Lviv, Ukraine; and French hospitals, universities, airports, and public organizations including the French Police, the Ministry of Justice, and the Ministry of the Interior. The group has claimed to support the Russian cause and often attacks Ukrainian targets.

The motivations and goals of Anonymous Sudan are not very clear, but the group has been linked to a Russian group. However, there is no hard evidence connecting the group to Russian official entities as is the case with other Russian attack groups such as APT28 and APT29.

To prevent attacks by Anonymous Sudan, it is recommended to have a continuous information feed to stay up to date with the latest trends and threats in the cyber warfare world. For DDoS, the suggested measures are to block all known indicators of compromise (IOCs) of the group, verify the anti-DDoS configuration, have anti-DDoS solutions in place, monitor ISP lines, and keep a secondary ISP line as a redundancy option. For websites, it is advised to make sure the site infrastructure is up to date with the latest patches, scan the site for vulnerabilities, verify that the WAF service or appliance is updated with the latest signatures, and monitor the site for suspicious behavior while having it evaluated from a security standpoint.

Anonymous Sudan and other hacktivist groups have been known to cause disruptions with their attacks. It is essential to stay up to date with the latest security measures and take proactive steps to protect sensitive data and systems.


