‘Anonymous Sudan’ hackers in the recent cyber attack in Kenya linked to Russia; Report
4 min read
The wave of cyber-attacks that befell Kenya recently by 'Anonymous Sudan' has been linked to a group of hackers in Russia
The wave of cyber-attacks that befell Kenya recently by ‘Anonymous Sudan’ has been linked to a group of hackers in Russia.
According to Pan-African cybersecurity consulting firm, Serianu Limited, ‘Anonymous Sudan’ is a code name for a threat actor that has been conducting denial of service (DDoS) attacks against multiple organizations, the most recent being in Kenya.
Serianu alleges that the organization of self-described “hacktivists” is made up of politically motivated hackers from Sudan.
“Anonymous Sudan emerged in Sudan in response to the country’s ongoing political and economic challenges. In 2019, a popular uprising led to a military coup that ousted President Omar al-Bashir. Since then Anonymous Sudan has continued to be a vocal and active presence in the country’s political landscape,” writes Serianu in a cyber threats advisory to public and private organizations.
The Anonymous Sudan group has been seen to actively participate in attacks initiated by a Russian threat actor group identified as Killnet and has voiced claims of being part of the Russian group.
Flashpoint Intel researchers claim that there is a likelihood that Anonymous Sudan is actually a state-sponsored Russian actor disguising themselves as Sudanese actors with Islamist motivations.
“Despite obfuscations on official Anonymous Sudan channels as to their identity and affiliations, the employment of social media or public facing accounts under the “hacktivist” banner is consistent with previous tactics, techniques, and procedures employed by Russian State-sponsored adversaries,” says Flashpoint in a report.
During the attack on the government’s eCitizen portal, ICT Cabinet Secretary (CS) Eliud Owalo confirmed that the hackers attempted to jam the portal through an overload of data requests, insisting that no personal data had been accessed or lost.
“They tried jamming the system by making more requests into the system than ordinary, which led to the slowing down of the system,” said Mr Owalo.
DDoS has emerged as the ‘hacktivist’s go-to weapon of choice every time it seeks to deploy attacks on a victim’s infrastructure.
This form of cyber-attack is aimed at flooding a server with internet traffic to prevent users from accessing connected online services and sites.
It ends up disrupting a service or network rendering it inaccessible to its normal users.
Serianu says that Anonymous Sudan uses a cluster of 61 paid servers hosted in Germany to generate the traffic volume required for a DDoS attack.
The grouping first popped to the surface on January 18, 2023, claiming to be from Sudan but its Telegram registration denotes Russia.
Since then, it has been found to have raided multiple organizations in Sweden, India, the USA, Denmark, and Israel with attacks before it landed in Kenya and most recently in Nigeria.
Some of the most popular hashtags associated with the group in online conversations include #AnonymousSudan, #Infinity Hackers Group, #KILLNET, #ANONYMOUS RUSSIA, #OpSweden and #OpSudan.
Government bars public workers from swapping leave days for money
Safaricom announces M-Pesa charges
Kenya opens base in Haiti ahead of police deployment
Kenya seeks partnership with China in intelligence sharing
THREE rebel ODM MPs apologise to Raila
‘Bipartisan talks a waste of time’ Kabando wa Kabando letter to Raila and Kalonzo
According to Serianu, Anonymous Sudan operates by using a network of remote-controlled computers (botnet) to flood a targeted website with traffic, making the site inaccessible to users.
“Attacks originate from tens of thousands of unique source IP addresses with UDP traffic reaching up to 600Gbps and HTTPS request floods up to several million RPS,” notes Serianu.
The consultancy firm further opines that the hackers leverage cloud server infrastructure to generate traffic and attack floods while leveraging free and open proxy infrastructures to hide and randomize the source of the attacks.
“These attacks target application layer protocols with the intention of disrupting services and can go undetected by traditional defense systems,” says Serianu in the advisory paper.
“Some of the common techniques include request floods, application vulnerability exploitation, application-specific attacks such as XML-RPC floods, and zero-day vulnerability exploits.”
Cybercrime experts recommend verifying Anti-DDoS configurations, and ensuring sites are protected on top of ascertaining that the established network operations centre has the capacity to monitor the internet service provider (ISP) lines for abnormal traffic.
Other measures include scanning the website frequently for potential security loopholes and ensuring that all the necessary updates are installed to prevent possible attacks.
Also read,
Moses Kuria recounts moment he was forced to hide in Raila’s home
CS Kuria office moved amid a row with DP Gachagua
Tradey as mother, three children burn to death
Only four counties meet their own-source revenue target; Report (LIST)
State Department of Immigration publishes list of ready passports; How to check
Follow us
