November 19, 2024
In March of this year, the US Federal Bureau of Investigation (FBI) concluded that Russia might be behind a cyberattack targeting the infrastructure of an Armenian telecommunications company. This conclusion emerged during the FBI’s investigation into the activities of the hacker group Anonymous Sudan.
Who is Behind Anonymous Sudan, and What is their Connection to Moscow?
According to the US Attorney’s Office, the hacker group Anonymous Sudan, which reportedly emerged in January 2023, has carried out approximately 35,000 Distributed Denial of Service (DDoS) attacks over the past two years. These attacks targeted a dozen countries, with about 80% directed against the United States and its allies. The group’s operations have affected at least 95 state institutions and 450 organizations critical to various economic sectors and infrastructure.
This activity has drawn the attention of Western cybersecurity experts and officials, many of whom suspect that the Kremlin is actually behind Anonymous Sudan. While the group presents itself as aligned with Islamist ideologies, evidence suggests it may serve as a front for Russian state-sponsored actors. Reports have documented joint cyberattacks conducted by Anonymous Sudan in coordination with Russian hacker groups Killnet and REvil, targeting Western and Ukrainian interests.
An FBI indictment filed in Los Angeles this October charged two Sudanese nationals, 22-year-old Ahmed Salah Yousif Omer and 27-year-old Alaa Salah Yusuuf Omer, who are believed to be leaders of Anonymous Sudan. According to the indictment, “there has been some media and threat research company reporting suggesting that Anonymous Sudan may be state-sponsored Russian actors masquerading as Sudanese actors with Islamist motivations, and Anonymous Sudan has publicly claimed an affiliation with pro-Russian hacktivist collective ‘Killnet.’”
Anonymous Sudan [Russia] Targets Armenia
The FBI’s indictment sheds light on cyberattacks linked to Anonymous Sudan and Russia. According to the document: “March 1, 2024 – Anonymous Sudan claimed to have launched DDoS attacks against Armenia Telecom Infrastructure, causing an outage. The post includes a screenshot indicating massive disruptions to internet availability within Armenia. In the post, Anonymous Sudan suggested that anyone desiring similar DDoS attack power could subscribe to their “InfraShutdown” service”.
However, this March attack on Armenia was not the only incident traced back to Russia. At least four more cases of Russian-origin cyberattacks against Armenia were recorded in 2024:
Cybersecurity experts also link the surge in cyberattacks by Russian hacker groups to Armenia’s evolving policy of strengthening political, military, and security ties with Western countries.
Observations
In recent years, post-Soviet countries, including Armenia, have increasingly become targets for various Russian hacking groups. This trend is likely driven by the growing competition among global powers in the region, exacerbated by the ongoing war in Ukraine.
Another significant factor is that Russian hacking groups often use post-Soviet states as testing grounds to experiment with and refine their tools, tactics, and strategies before deploying them against Western nations. While the Baltic states are particularly notable targets in this regard, other post-Soviet countries are not exempt.
The activities of Russian hacking groups can generally be categorized into four main areas: