Anonymous Sudan launched a DDoS attack against Telegram

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group.

The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account.

“In a recent update, a well-known and notorious threat actor declared their targeting of Telegram. This group initiated the attack after Telegram’s decision to ban their primary account on the messaging platform.” reported SOCRadar.

The primary Telegram channel operated by the group had approximately 120,000 users.

The attack on Telegram does not appear to be politically motivated like other offensives conducted by the hacker group.

Telegram did not motivate the block of the group’s channel, however, SOCRadar researchers believe that the platform banned the account due to the use of bot accounts that violate ToS of the service.

Below is the message of the group on X (former Twitter).

Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the Pro-Russian threat group Killnet.

Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure.

The collective Anonymous Sudan claimed responsibility for the DDoS attacks that hit the company’s services.

In July, Anonymous Sudan announced it had stolen credentials for 30 million customer accounts.

“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD” reads the message published by the group on its Telegram channel on July 2nd, 2023.

The collective shared a sample of the alleged stolen data and is offering for sale the database for $50,000.

SOCRadar researchers noticed that the group does not seek the support of pro-Islamic groups and only interacts with Russian hackers. The experts also noticed that the languages used by the group for his posts are English and Russian, instead of Arabic.

The group does not appear to be linked to the original Anonymous Sudan hacktivists, which have been active since 2019 and emerged in Sudan. The group behind the attack on Telegram is also not linked with the popular collective Anonymous.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.