The U.S. Department of Justice (DOJ) has publicly acknowledged the role of Amazon Web Services (AWS) in the apprehension of two individuals associated with the hacking group known as Anonymous Sudan. The group has carried out a series of distributed denial-of-service (DDoS) attacks against government agencies, healthcare organizations, telecommunications companies, and cloud service providers around the globe.

In its statement, the DOJ thanked Amazon for providing leads that helped identify the suspects, whom security researchers consider influential and link to a broader network of cybercrime activity, including ransomware operations.

Tom Scholl, Vice President and Distinguished Engineer at Amazon Web Services, shared details of the investigation, describing how law enforcement traced the operators, who reportedly advertised “rate cards” for DDoS services: around $100 per day, $600 per week, and a top tier priced between $1,700 and $1,900.

AWS identified the operators through its own telemetry. Its engineers monitored a set of rented servers, referred to as “proxy drivers,” which the attackers leased from hosting providers to relay attack traffic. Once the attackers began leasing these servers, their activity was picked up by MadPot, AWS’s internal honeypot and threat-detection system, which the company first described publicly in 2023.

Scholl and his team tracked the activity of the DDoS-for-hire operators behind Anonymous Sudan and alerted law enforcement, which led to a coordinated effort involving the DOJ, the FBI, and Europol to indict the individuals now identified as Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer. The brothers are charged with conspiring to damage protected computers belonging to numerous organizations.

Reports indicate that the FBI seized infrastructure linked to the group in March 2024, taking down its Distributed Cloud Attack Tool (DCAT), also marketed as “Godzilla.” The tool was used to carry out more than 35,000 DDoS attacks, with a reported success rate of roughly 10%.

The case is a reminder that hosting and cloud providers need to watch how their leased infrastructure is used, and to cooperate with law enforcement when abuse is found. Many cybercriminal groups launch ransomware, malware, and DDoS campaigns from cloud infrastructure rented from large providers, including providers operating in Western and Central Asia. Organizations should therefore stay alert and proactive in safeguarding their environments.
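The provider-side monitoring described above (rented servers acting as “proxy drivers” that push attack instructions out to large numbers of open proxies) can be approximated with a simple fan-out heuristic over connection records. The script below is an added example, not AWS’s or MadPot’s detection logic: it reads records in the default AWS VPC flow-log layout, counts how many distinct destinations each interface contacts on common proxy ports within a window, and flags interfaces whose fan-out is far beyond what an ordinary server needs. The sample records, the interface names `eni-driver` and `eni-web`, the port list, and the thresholds are all constructed assumptions for this example.

```python
"""Hosting-provider view: flag a rented instance whose outbound connection
fan-out on proxy ports looks like a relay for DDoS traffic.

Input is the default AWS VPC flow-log layout (version account-id interface-id
srcaddr dstaddr srcport dstport protocol packets bytes start end action
log-status). The records below are constructed for this example, and the
fan-out heuristic is an assumption of this example, not AWS's detection logic.
"""
from collections import defaultdict

# Ports on which open forward proxies commonly listen (assumption for this example).
PROXY_PORTS = {80, 443, 1080, 3128, 8080, 8888}


def parse_flow(line):
    """Parse one default-format flow-log record; return None if malformed."""
    f = line.split()
    if len(f) != 14 or f[0] != "2":
        return None
    try:
        return {
            "eni": f[2], "src": f[3], "dst": f[4],
            "dport": int(f[6]), "proto": int(f[7]),
            "start": int(f[10]), "action": f[12],
        }
    except ValueError:
        return None


def find_proxy_fanout(lines, window_s=60, min_dsts=50, tenant_prefix="10."):
    """Return interfaces that opened TCP flows to at least min_dsts distinct
    destinations on proxy ports within one window.

    Only flows originating from the tenant's private address space count, so
    inbound traffic to the instance's own services is ignored. A web server
    talking to a handful of upstreams never reaches the threshold; a "proxy
    driver" pushing instructions to thousands of open proxies does.
    """
    dsts = defaultdict(set)   # (eni, window) -> distinct destination IPs
    flows = defaultdict(int)  # (eni, window) -> number of flows
    for line in lines:
        r = parse_flow(line)
        if r is None or r["action"] != "ACCEPT" or r["proto"] != 6:
            continue
        if not r["src"].startswith(tenant_prefix) or r["dport"] not in PROXY_PORTS:
            continue
        key = (r["eni"], r["start"] // window_s)
        dsts[key].add(r["dst"])
        flows[key] += 1
    return [
        {"eni": eni, "window": w, "distinct_dsts": len(s), "flows": flows[(eni, w)]}
        for (eni, w), s in sorted(dsts.items()) if len(s) >= min_dsts
    ]


def sample_flows():
    """Constructed records: eni-driver reaches 60 different hosts on 8080 within
    one minute; eni-web makes a few ordinary HTTPS calls to two upstreams."""
    rec = "2 123456789012 {eni} {src} {dst} {sport} {dport} 6 10 1200 {start} {end} ACCEPT OK"
    lines = []
    for i in range(60):
        lines.append(rec.format(eni="eni-driver", src="10.0.1.5", dst=f"198.51.100.{i + 1}",
                                sport=40000 + i, dport=8080, start=1704110400 + i % 30,
                                end=1704110430 + i % 30))
    for i in range(6):
        lines.append(rec.format(eni="eni-web", src="10.0.2.9", dst=f"203.0.113.{i % 2 + 1}",
                                sport=50000 + i, dport=443, start=1704110400 + i,
                                end=1704110410 + i))
    # Inbound flow to the driver's own listener: wrong direction, must not count.
    lines.append(rec.format(eni="eni-driver", src="192.0.2.44", dst="10.0.1.5",
                            sport=51234, dport=8080, start=1704110400, end=1704110405))
    lines.append("malformed record")
    return lines


if __name__ == "__main__":
    for finding in find_proxy_fanout(sample_flows()):
        print(finding)
```

The threshold matters more than the parser: legitimate crawlers, mail relays and CDN origins also fan out widely, so in practice this signal is a trigger for a closer look at the tenant (and a comparison against the abuse reports a provider receives), not grounds for automatic suspension.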

The post Amazon helps in nabbing Anonymous Sudan cyber criminals appeared first on Cybersecurity Insiders.

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks.

Image: FBI

Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes. But in a criminal complaint, the FBI said those high-profile cyberattacks were effectively commercials for the hackers’ DDoS-for-hire service, which they sold to paying customers for as little as $150 a day — with up to 100 attacks allowed per day — or $700 for an entire week.

The complaint says despite reports suggesting Anonymous Sudan might be state-sponsored Russian actors pretending to be Sudanese hackers with Islamist motivations, AnonSudan was led by two brothers in Sudan — Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27.

AnonSudan claimed credit for successful DDoS attacks on numerous U.S. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023. The group hit PayPal the following month, followed by Twitter/X (Aug. 2023), and OpenAI (Nov. 2023). An indictment in the Central District of California notes the duo even swamped the websites of the FBI and the Department of State.

Prosecutors say Anonymous Sudan offered a “Limited Internet Shutdown Package,” which would enable customers to shut down internet service providers in specified countries for $500 (USD) an hour. The two men also allegedly extorted some of their victims for money in exchange for calling off DDoS attacks.

The government isn’t saying where the Omer brothers are being held, only that they were arrested in March 2024 and have been in custody since. A statement by the U.S. Department of Justice says the government also seized control of AnonSudan’s DDoS infrastructure and servers after the two were arrested in March.

AnonSudan accepted orders over the instant messaging service Telegram, and marketed its DDoS service by several names, including “Skynet,” “InfraShutdown,” and the “Godzilla botnet.” However, the DDoS machine the Omer brothers allegedly built was not made up of hacked devices — as is typical with DDoS botnets.

Instead, the government alleges Skynet was more like a “distributed cloud attack tool,” with a command and control (C2) server, and an entire fleet of cloud-based servers that forwards C2 instructions to an array of open proxy resolvers run by unaffiliated third parties, which then transmit the DDoS attack data to the victims.

Amazon was among many companies credited with helping the government in its investigation, and said AnonSudan launched its attacks by finding hosting companies that would rent them small armies of servers.

“Where their potential impact becomes really significant is when they then acquire access to thousands of other machines — typically misconfigured web servers — through which almost anyone can funnel attack traffic,” Amazon explained in a blog post. “This extra layer of machines usually hides the true source of an attack from the targets.”

The security firm CrowdStrike said the success of AnonSudan’s DDoS attacks stemmed from a combination of factors, including sophisticated techniques for bypassing DDoS mitigation services. Also, AnonSudan typically launched so-called “Layer 7” attacks that sought to overwhelm targeted “API endpoints” — the back end systems responsible for handling website requests — with bogus requests for data, leaving the target unable to serve legitimate visitors.
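The architecture described above (a C2 server driving cloud servers that relay through thousands of open proxies, sending Layer 7 request floods at API endpoints) has a practical consequence for defenders: the traffic arrives from thousands of distinct source addresses, each of which stays under any per-IP rate limit. The script below is an added example, not code from the article or from CrowdStrike or Amazon. It parses web-server access logs, applies a per-IP cap, and also counts requests per endpoint per window so that a flood spread thinly across many proxies is still caught. The log layout (combined format with the request’s `Via` header appended as a final quoted field), the `/api/` prefix, the thresholds, and the sample lines are constructed assumptions for this example.

```python
"""Detect a Layer 7 request flood against API endpoints from access logs.

Sample lines are constructed for this example. The layout assumed is the
combined log format with the Via header appended as a final quoted field
(nginx: '$remote_addr - $remote_user [$time_local] "$request" $status
$body_bytes_sent "$http_via"'). Thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<via>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def detect_l7_flood(lines, window_s=10, per_ip_max=10, per_path_max=20, api_prefix="/api/"):
    """Bucket API requests into fixed windows and report two kinds of findings.

    per_ip: sources exceeding per_ip_max requests in a window (classic per-IP
    rate limiting). per_path: endpoints whose total requests exceed per_path_max
    in a window regardless of source. The second catches a flood spread over
    many open proxies, where every individual proxy stays under the per-IP cap.
    """
    per_ip = defaultdict(int)     # (window, ip) -> requests
    per_path = defaultdict(int)   # (window, path) -> requests
    path_ips = defaultdict(set)   # (window, path) -> distinct source IPs
    path_via = defaultdict(int)   # (window, path) -> requests that carried a Via header

    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(api_prefix):
            continue
        window = int(rec["ts"].timestamp()) // window_s
        per_ip[(window, rec["ip"])] += 1
        key = (window, rec["path"])
        per_path[key] += 1
        path_ips[key].add(rec["ip"])
        if rec["via"] not in ("", "-"):   # relayed through at least one proxy
            path_via[key] += 1

    ip_findings = [
        {"window": w, "ip": ip, "requests": n}
        for (w, ip), n in sorted(per_ip.items()) if n > per_ip_max
    ]
    path_findings = [
        {"window": w, "path": p, "requests": n,
         "distinct_ips": len(path_ips[(w, p)]), "via_proxy": path_via[(w, p)]}
        for (w, p), n in sorted(per_path.items()) if n > per_path_max
    ]
    return {"per_ip": ip_findings, "per_path": path_findings}


def sample_lines():
    """Constructed sample: 8 open proxies each send 3 requests to /api/alerts
    inside one 10-second window, plus one ordinary client. No single IP is noisy."""
    stamp = "[01/Jan/2024:12:00:0{s} +0000]"
    lines = []
    for i in range(8):
        for s in range(3):
            lines.append(
                f'203.0.113.{i + 1} - - {stamp.format(s=s)} "GET /api/alerts HTTP/1.1" 200 512 '
                f'"1.1 proxy{i}.example"'
            )
    lines += [
        f'198.51.100.7 - - {stamp.format(s=4)} "GET /api/alerts HTTP/1.1" 200 512 "-"',
        f'198.51.100.7 - - {stamp.format(s=5)} "GET /index.html HTTP/1.1" 200 2048 "-"',
        "this line is not an access log entry",
    ]
    return lines


if __name__ == "__main__":
    for kind, items in detect_l7_flood(sample_lines()).items():
        print(kind, items)
```

On the sample, the per-IP check finds nothing while the per-endpoint check reports /api/alerts at 25 requests from 9 sources, 24 of them relayed. The `Via` and `X-Forwarded-For` headers are set by the proxies and are trivially forged, so they help describe an attack after the fact but should not be trusted to identify the real origin or to make blocking decisions.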

The Omer brothers were both charged with one count of conspiracy to damage protected computers. The younger brother — Ahmed Salah — was also charged with three counts of damaging protected computers.

A passport for Ahmed Salah Yousif Omer. Image: FBI.

If extradited to the United States, tried and convicted in a court of law, the older brother Alaa Salah would be facing a maximum of five years in prison. But prosecutors say Ahmed Salah could face life in prison for allegedly launching attacks that sought to kill people.

As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel. At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area.

In February 2024, AnonSudan launched a digital assault on the Cedars-Sinai Hospital in the Los Angeles area, an attack that caused emergency services and patients to be temporarily redirected to different hospitals.

The complaint alleges that in September 2023, AnonSudan began a week-long DDoS attack against the Internet infrastructure of Kenya, knocking offline government services, banks, universities and at least seven hospitals.

In a digital age where the lines between activism and hacking are increasingly blurred, Anonymous Sudan, a self-proclaimed hacktivist group widely suspected of having ties to the Russian Federation, recently launched a cyber-attack on the servers of the social media giant formerly known as Twitter, now known simply as “X.” The attack disrupted the platform’s services for a couple of hours, drawing attention from global law enforcement agencies and sparking a debate about the group’s motives. In this article, we delve into the details of the cyber-attack, the stated objectives of Anonymous Sudan, and the broader implications of their actions.

The Cyber-Attack:

On a Tuesday, Anonymous Sudan executed a massive Distributed Denial of Service (DDoS) attack, targeting the servers of X. While the attack was substantial, it was limited in scope, affecting only a handful of countries and bringing down the platform’s operations for a few hours. This deliberate targeting raised questions about the group’s intentions and what they sought to achieve.

The Stated Objective:

Following the disruptive attack, Anonymous Sudan released a concise statement, demanding the commencement of Starlink internet connectivity services in Sudan. Their argument was framed in the context of benefiting those who follow Islam, suggesting that improved internet access was essential for the people of Sudan. The choice of Starlink, Elon Musk’s satellite internet venture, as the solution was both strategic and symbolic.

Allegations and Conspiracies:

Unsurprisingly, the cyber-attack didn’t go unnoticed by global security agencies. The FBI and the Pentagon swiftly labeled Anonymous Sudan as an organization funded by the Kremlin, alleging that they were operating under the guise of a foreign nation. The objective, according to these agencies, was to divert international attention away from Russia’s actions and create confusion on the global stage.

The Hidden Agenda:

However, beneath the surface, there appears to be a hidden agenda. Anonymous Sudan, although publicly supporting the Kremlin, seems to be driven by a different motive. Two of its members, Hofa and Crush, expressed their support for the disruption. They claimed that the ongoing civil war in Sudan was severely impacting their internet access, as the government frequently shut down local networks to suppress dissent. Their plea to Elon Musk for Starlink services in their region was the driving force behind the cyber-attack.

Elon Musk and Twitter’s Silence:

What is particularly intriguing is the conspicuous silence from both Elon Musk and Twitter’s senior management regarding the cyber-attack. Security analysts speculate that this could be a calculated move to downplay the incident, minimizing unnecessary international attention. Alternatively, it’s possible that the disruption had only minimal consequences for Twitter’s operations, making it less of a priority for comment.

Conclusion:

The cyber-attack orchestrated by Anonymous Sudan on X, formerly Twitter, may have caught the world’s attention, but the motives behind it remain ambiguous. While the group’s affiliation with the Kremlin is suspected, its stated objective is improving internet access in Sudan’s troubled regions. The incident is a reminder of the complex interplay between hacktivism, geopolitics, and socio-political agendas in the digital age. As the international community grapples with the implications of such attacks, the story of Anonymous Sudan shows that the motives behind cyber-attacks are rarely straightforward, and their consequences can reach far beyond the immediate target.

The post Anonymous Sudan launched Cyber Attack on X formerly Twitter appeared first on Cybersecurity Insiders.

Anonymous Sudan, which describes itself as a pro-Russian hacktivist group, has claimed that it launched distributed denial-of-service (DDoS) attacks on the Archive of Our Own (AO3) website beginning Monday morning, and that it will keep targeting the site for the next 24 hours and then intermittently over the next three months.

The well-known fan-fiction site has experienced intermittent disruptions since early Monday morning, prompting its operators to publish a web statement about the DDoS attack.

It is unclear why the group targeted the not-for-profit, open-source repository, which hosts about 11,060,000 works across roughly 26,362 fandoms.

However, an ethical-hacking group that is highly active on Telegram claims that the religiously motivated group, operating from Africa, objected to the site hosting content it considers blasphemous, along with amateur fiction involving the LGBT community, and so decided to take the website down.

The group is also demanding $30,000 in Bitcoin to stop the DDoS attacks and has given the site only 26 hours to respond. If the payment is not made, the group claims it could escalate to a ransomware attack, asserting that it has control over the entire network.

If the response is not positive, it has warned Archive of Our Own of serious consequences, including a permanent shutdown.

NOTE- When we try to access the website through a web browser, a ‘503 unavailable’ error still appears, and when we try to reach Archive of Our Own via mobile, it shows a ‘couldn’t connect’ error.

The post Anonymous Sudan launches DDoS Attack on fan fiction website for 24 hours appeared first on Cybersecurity Insiders.

As European nations such as Germany, France and Britain extend help to Ukraine at the urging of the Biden administration, three notorious hacking groups, Killnet, Anonymous Sudan and REvil, have pledged to conduct a digital assault on U.S. and European banking systems.

The criminals say they have set up a platform to launch a major cyber blitz against the financial systems of developed nations, with a stated objective of “no money, no weapons, no Kyiv.”

It is well known that Ukraine, a small nation and an immediate neighbor of Russia, has resisted Putin’s military forces with great vigor and valor. On its own, the country could hardly have achieved what it has so far and might have surrendered long ago.

Credit is due not only to the nation led by Volodymyr Zelenskyy, but also to the countries supporting it with funds, ammunition and essentials in a difficult time.

According to a video posted on a Telegram channel on June 13 of this year, Killnet, Anonymous Sudan and REvil have been assigned the task of disrupting Western financial systems with DDoS or ransomware attacks by the end of the month, and some online sources claim the order came from the Kremlin.

The SWIFT network (Society for Worldwide Interbank Financial Telecommunication), which provides a secure messaging gateway for financial transactions, is rumored to be the hackers’ first target, followed by Wire, Wise, IBAN and SEPA.

NOTE– It is unclear when the attack will be launched. However, the news has reached Interpol, which raised an alarm urging the international banking network to review its cybersecurity posture and take action accordingly.

The post Cyber Attack projected on US and European Banking Systems appeared first on Cybersecurity Insiders.

Outlook.com users have been suffering intermittent outages since yesterday, and reports say the disruption was caused by a DDoS attack launched by a hacking group calling itself ‘Anonymous Sudan’.

Microsoft acknowledged the outage but did not attribute it to a state-funded attack. However, it issued a statement saying it had applied mitigation measures to neutralize the impact of the DDoS attack.

Meanwhile, Twitter is buzzing with reports that the Outlook outage on the web and mobile app services was the result of a distributed denial-of-service attack, in which the company’s email servers were bombarded with overwhelming bogus traffic, causing downtime.

A Telegram post claimed that Anonymous Sudan launched the denial-of-service attack in retaliation for Microsoft’s alleged interest in Sudan’s internal affairs.

Microsoft’s threat intelligence team anticipates that its Office 365 services could be the next target and has warned senior management to review the security posture of the online office service.

NOTE 1- Microsoft Outlook is a personal information manager that offers email, calendaring, task management, contact management, notes and journaling. Outlook.com is a free webmail service that competes with Gmail and Yahoo! Mail; it launched in 2012 as the successor to Hotmail, which Microsoft acquired in 1997, and is available on laptops, mobile phones and tablets.

NOTE 2- Very little is known about the hacking group, but its actions are consistent with a reaction to Rasmus Paludan, who burned a religious holy book in January 2023 and vowed to keep doing so until Sweden is admitted to NATO, an accession that Russia opposes.

The post Anonymous Sudan launched Cyber Attack on Microsoft Outlook appeared first on Cybersecurity Insiders.

Anonymous Sudan, a group of hackers claiming to be Palestinian, launched a distributed denial-of-service attack on the Israel-based cybersecurity company Check Point. More concerning, the hackers claim they will launch a stronger version of the attack on April 7 of this year, hoping to take the website down completely.

After the hackers’ statement was released on Telegram, Check Point reassessed its security practices and said it has the strongest measures in place to protect its IT assets from significant attacks such as ransomware and data breaches.

The good news is that the website returned to normal after a short outage, and the company released a press update saying the web portal is well protected against such denial-of-service attacks and uses what it calls the world’s safest technology to shield its infrastructure from future attacks.

Coincidentally, the incident took place as Anonymous Sudan attacked several websites belonging to multiple Israeli universities from Tuesday morning onward.

The affected websites include those of Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, the University of Haifa, the Weizmann Institute of Science, the Open University of Israel and Reichman University.

NOTE 1- Until Tuesday afternoon the website was operating slowly and running a security check on every visit. After 4 PM it began operating normally, and we hope it maintains the same connectivity on Friday of this week.

NOTE 2- Hackers usually release threat statements to gain media attention and to get their group names trending on the web. Still, it is always advisable to be proactively secure against all cyber-attacks in order to remain live and vibrant in business.

The post Hackers launched a DDoS Attack against CheckPoint and anticipate to target it again appeared first on Cybersecurity Insiders.