Date: 2024-01-17

A hacktivist group calling itself Anonymous Sudan claimed credit last week for an apparently unsuccessful attack on the London Internet Exchange, or LINX, attributing the action to Britain’s support of Israel. According to a tweet from OSINT research entity CyberKnow, LINX remained operational throughout, and the Anonymous Sudan group “provided less evidence than usual” for its claims.

The group said the prompt for the attack was the recent airstrikes conducted against Iranian-backed Houthi rebels in Yemen, who have used drones and missiles to attack shipping off the coast of that country. “We expected this to be too good of an opportunity for [Anonymous] Sudan not to try and market themselves,” CyberKnow wrote.

Who is Anonymous Sudan?

Reports from cybersecurity companies indicate that Anonymous Sudan may not be purely an ideological anti-Zionist organization. One such report from Cloudflare said that the group has been linked to KillNet, a notorious pro-Russian hacking group. Anonymous Sudan has also been known to issue communications in Russian, and its attack infrastructure suggests that the group either originates from Russia or is supported by its citizens. The US Department of Health and Human Services’ Office of Information Security describes KillNet as a hacktivist group that has been actively performing DDoS attacks against Ukraine and countries that support it since January 2022.

“Although KillNet’s ties to official Russian government organizations such as the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR) are unconfirmed, the group should be considered a threat to government and critical infrastructure organizations including healthcare,” the OIS report said.

The confusing nature of Anonymous Sudan’s roots – and the murky nature of the most recent attack – is not a surprise, according to experts, who said that the entire hacktivism movement is riddled with misinformation and misdirection. Frank Dickson, group vice president for security and trust at IDC, said that even validating the attribution of some hacktivist activity can be difficult.

Attributing hacktivist attacks tough

“When you talk to the folks that are good at this, the first thing they’ll tell you is that valid attribution is really tough,” Dickson said. “Especially because DDoS is a volumetric attack. Could it have been this group? Sure. Could it have been anyone else? Absolutely.”