Anonymous Sudan launched a DDoS attack against Telegram

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group.

The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account.

“In a recent update, a well-known and notorious threat actor declared their targeting of Telegram. This group initiated the attack after Telegram’s decision to ban their primary account on the messaging platform.” reported SOCRadar.

The primary Telegram channel operated by the group had approximately 120,000 users.

The attack on Telegram does not appear to be politically motivated like other offensives conducted by the hacker group.

Telegram did not motivate the block of the group’s channel, however, SOCRadar researchers believe that the platform banned the account due to the use of bot accounts that violate ToS of the service.

Below is the message of the group on X (former Twitter).

Collective Anonymous Sudan has been active since January 2023, it claims to target any country that is against Sudan. However, some security researchers believe that Anonymous Sudan is a sub-group of the Pro-Russian threat group Killnet.

Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure.

The collective Anonymous Sudan claimed responsibility for the DDoS attacks that hit the company’s services.

In July, Anonymous Sudan announced it had stolen credentials for 30 million customer accounts.

“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD” reads the message published by the group on its Telegram channel on July 2nd, 2023.

The collective shared a sample of the alleged stolen data and is offering for sale the database for $50,000.

SOCRadar researchers noticed that the group does not seek the support of pro-Islamic groups and only interacts with Russian hackers. The experts also noticed that the languages used by the group for his posts are English and Russian, instead of Arabic.

The group does not appear to be linked to the original Anonymous Sudan hacktivists, which have been active since 2019 and emerged in Sudan. The group behind the attack on Telegram is also not linked with the popular collective Anonymous.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS)