Anonymous Sudan is a hacker group that began its activities in January 2023. It became known for carrying out Distributed Denial of Service (DDoS) attacks by flooding websites and other online services with so much traffic to overwhelm and destabilise them. Said to be neither ‘anonymous’ nor ‘Sudanese’, Anonymous Sudan borrowed its name from the hacktivist movement ‘Anonymous’ though it had no links with the group and was suspected to originate from Russia due to its attacks on Ukrainian targets.

It has now come to light that the ‘Sudan’ in the group’s name refers to the country of origin of the two hackers. The brothers, Ahmed Omer (27) and Alaa Omer (22), are said to have conducted over 35,000 attacks in various countries and even targeted big-name companies like Netflix, PayPal, Microsoft 365 suite, X (formerly Twitter) and even ChatGPT.

Their DDoS service was built by gaining access to numerous Virtual Private Servers  (VPS) through fake credentials. By using these servers to run programmes online, the brothers targeted specific parts of the websites (seven-layer attacks) rather than flooding whole sites with random data. This is more effective in bringing down a website as it involves using the VPS to send multiple requests to, for example, the login page or the checkout page so that this part of the site crashes, bringing down the whole website. 

Specifically, the brothers used Multiplexing to send many requests simultaneously through a single connection and pipelining to send multiple requests without waiting for a response from the target. 

In many cases, the attacks were politically motivated. For example, the attack on the X platform where the team wanted to pressure Elon Musk to provide Starlink access to Sudan. Last July, Anonymous Sudan struck Kenya’s e-Citizen platform, which Kenyans use to pay for almost all government services. The attack on the portal was also in retaliation for the government’s support of Rapid Support Forces (RSF) in Sudan. Anonymous Sudan is not the only hacker group to attack Kenya’s infrastructure. Medusa and Rhysida, two different ransomware groups, also attacked and divulged information after two government agencies (Kenya Airports Authority and Kenya Bureau of Standards)failed to pay the ransom demanded.

In the United States, the group also attacked hospital systems as retaliation for the bombing of hospitals in Gaza. Also, during the Hamas attacks of October 7 last year in Israel, the brothers targeted Israel’s missile alert system, leading to the suspicion that they worked closely with the attackers. Open AI was attacked due to its executive Tal Broda making comments supporting Israeli attacks in Gaza. The group had some failed attempts, for example, it tried to attack the London Internet Exchange. 

However, the attacks were not always ideologically motivated, as Anonymous Sudan sought to make money by selling its service on its Telegram channel. 

The two attackers are said to be in custody in the US after their operations were brought down in March this year. The Telegram group where they posted their statements also went silent in March. They have been officially indicted by a grand jury at a US federal court for attacking critical infrastructure both within and outside of the United States and are expected to go on trial soon.