ADF STAFF
Shortly before war broke out between the Sudan Armed Forces (SAF) and the paramilitary Rapid Support Forces (RSF) in April 2023, a different battle began online led by hackers affiliated with the Russian-backed Anonymous Sudan.
In January 2023, Anonymous Sudan launched targeted attacks against computers across Europe, the Middle East and North America. Known as distributed denial of service (DDoS) attacks, the tactic is designed to cripple specific computer networks by overloading them with fake incoming traffic.
The hackers targeted hospitals, online companies and even Israel’s missile alert system.
While Anonymous Sudan portrays itself as a Sudanese nationalist group, cybersecurity experts say that’s a smokescreen designed to obscure the group’s Russian ties.
“Anonymous Sudan is a Russian information operation that aims to use its Islamic credentials to be an advocate for closer cooperation between Russia and the Islamic world — always claiming that Russia is the Muslims’ friend,” Mattias Wåhlén, a threat intelligence expert with Stockholm-based Truesec, told Fortune magazine. “This makes them a useful proxy.”
According to cybersecurity analysts at Risky Business, Anonymous Sudan’s attacks escalated as tensions climbed between the SAF and RSF. Attacks went from 40 in January 2023 to a peak of 237 in April 2023, the same month that the conflict between SAF leader Gen. Abdel Fattah al-Burhan and RSF leader Gen. Mohamed Hamdan “Hemedti” Dagalo turned into a shooting war.
“Since its sudden appearance on the DDoS hacktivism scene in January 2023, Anonymous Sudan has consistently been described as a pro-Kremlin group — for many, and very good and obvious reasons,” Risky Business news editor Catalin Cimpanu wrote in a recent newsletter.
According to Cimpanu, Anonymous Sudan has cooperated with and shared tools with pro-Russian hacker group Killnet, which is also known for launching DDoS attacks. Anonymous Sudan frequently uses language found in Russian propaganda. It has attacked countries’ support for Ukraine’s fight against Russian ongoing invasion, threatened to attack France if it sent troops to Niger after its coup, and attacked a Swedish hospital after that country announced it was joining NATO.
“The Sudanese nationalist spirit in action!” Cimpanu wrote sarcastically.
While Anonymous Sudan focused its attacks outside Africa, the growth of similar hacker groups poses an increasing disruptive threat within the continent, according to cybersecurity experts.
The rapid spread of online technology across Africa, driven primarily by mobile telephone networks, has outpaced the number of cybersecurity professionals needed to protect key systems from attacks. Millions of internet users also do not have the knowledge they need to spot potential cyberattacks.
“As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years,” analyst Jai Vijayan wrote recently for the website Dark Reading.
DDoS attacks, which are among the most common hacker tools, rose 30% in the Middle East and Africa the first half of 2024 compared to the same period in 2023, Vijayan noted.
According to cybersecurity company NetScout, African countries with the highest internet reach were among the most frequent targets of DDoS attacks in 2024. South Africa led the list, followed by Namibia, Morocco, Kenya and Egypt.
As an illustration of hackers’ strategy, Morocco, where 90% of the population is online, experienced 61,000 DDoS attacks in the first half of 2024. That was the largest number of DDoS attacks in North Africa during the period. The largest single target of attacks was wireless telephone operators.
Disrupting hacking groups such as Anonymous Sudan is proving to be a challenge. U.S. authorities recently charged brothers and Anonymous Sudan members Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, with attacking protected computers. They arrested the brothers, leaving three other members of Anonymous Sudan at large.
Soon after the arrest, according to cybersecurity firm Radware, another hacker group appeared using Anonymous Sudan’s digital infrastructure and adopting its message. This one was run by a Russian.
ADF is a professional military magazine published quarterly by U.S. Africa Command to provide an international forum for African security professionals. ADF covers topics such as counter terrorism strategies, security and defense operations, transnational crime, and all other issues affecting peace, stability, and good governance on the African continent.