The hacker group Anonymous Sudan has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation to the messaging platform’s decision to suspend their primary account, threat intelligence firm SOCRadar reports.
Claiming to be a hacktivist group motivated by political and religious causes, Anonymous Sudan has orchestrated DDoS attacks against organizations in Australia, Denmark, France, Germany, India, Israel, Sweden, and the UK.
The group has been active since the beginning of the year and established its Telegram channel on January 18, announcing intent to launch cyberattacks against any entity opposing Sudan. The group’s activity began with the targeting of several Swedish sites.
However, Anonymous Sudan came to fame in June, after launching a series of disruptive DDoS attacks targeting Microsoft 365, impacting Outlook, Microsoft Teams, OneDrive for Business, and SharePoint Online. Microsoft’s Azure cloud computing platform was also affected.
Anonymous Sudan boasted about the attack on its Telegram channel, and Microsoft, which tracks the group as Storm-1359, confirmed DDoS attacks were indeed the cause of disruption.
In late August, the group targeted X (formerly Twitter) as part of a disruptive DDoS attack meant to pressure Elon Musk into launching the Starlink service in Sudan.
The attack on Telegram, however, had a different motivation compared to the group’s typical interests, but did not achieve its purpose, and the hacktivists have moved their main Telegram channel for the time being, SOCRadar says.
The reason for the Telegram ban is unclear, but the threat intelligence firm believes it might be related to the use of bot accounts or to the recent attack on X.
According to previous reports from SOCRadar and Truesec, the Anonymous Sudan group currently engaging in DDoS and defacement attacks might not operate out of Sudan and might, in fact, have ties to the Russian hacking group KillNet.
The observed campaigns have no link to political issues related to Sudan, the group does not seek the support of pro-Islamic groups and only interacts with Russian hackers, and mainly posts in English and Russian, instead of Arabic.
Furthermore, the group does not appear to be linked to the original Anonymous Sudan hacktivists – which emerged in Sudan in 2019 – nor with Anonymous, the decentralized, anti-political hacktivist movement.
Related: CISA Releases Guidance on Adopting DDoS Mitigations
Related: US Seizes Domains of 13 DDoS-for-Hire Services
Related: Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare
