Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink
The hacking collective known as Anonymous Sudan orchestrated an action on Tuesday morning, causing widespread outages on X, formerly referred to as Twitter, across more than a dozen countries. This move aimed to exert pressure on Elon Musk to introduce his Starlink service in Sudan. The service interruption lasted over two hours, affecting numerous users.
Using the messaging platform Telegram, the hackers posted their demand to Elon Musk: “Open Starlink in Sudan.” Anonymous Sudan indicated that this was part of their broader campaign to aid Sudan and Islam. The group’s latest target, X, fell victim to their attack strategy, which involved overwhelming X’s servers with high volumes of traffic, a technique consistent with their known approach.
During private discussions over several weeks on Telegram, the BBC engaged with the hackers, delving into their methods and motivations. A group member going by the name Crush revealed to the BBC that the attack on Tuesday involved a Distributed Denial of Service (DDoS) assault, with the goal of raising awareness about Sudan’s civil war, which has severely impacted internet connectivity in the region.
The incident generated nearly 20,000 outage reports on Downdetector, predominantly from users in the US and UK, suggesting a larger scope of impact. However, X did not publicly acknowledge the disruption, and Elon Musk remained silent about launching his satellite internet service in Sudan.
The hacking group has faced accusations within the cybersecurity community of being a disguised Russian cyber-military unit, operating under the guise of a foreign hacktivist organization.
This speculation is partly due to their online support for Russian President Vladimir Putin and apparent alignment with other hacking groups in Russia. Nonetheless, the group has consistently denied Russian affiliation and provided the BBC with evidence indicating their location in Sudan.
Crush, who serves as the main spokesperson for the group, shared his live location on Telegram, and along with another member named Hofa, presented images of Sudanese passports and screenshots to demonstrate their presence in Sudan.
Although such evidence can be counterfeited, weeks of interaction with the BBC and cybersecurity researchers yielded no indication that the hackers were being misleading.
Crush expressed the group’s overarching goal of showcasing the capabilities of Sudanese individuals in various domains. He clarified that their actions were motivated by a desire to reciprocate the support Russia had offered Sudan during its own troubles.
While the group is comprised of a small number of Sudanese hackers, they have been effective in disrupting multiple organizations and government web services across France, Nigeria, Israel, and the US since their emergence in January.
For the past month, the gang has attacked Kenya, claiming the country’s government is “meddling in Sudanese affairs”.
One attack heavily disrupted the country’s eCitizen portal used by the public to access more than 5,000 government services.
When challenged about the impacts on citizens, Crush defended the actions and said: “The reason we hit infrastructure is to teach the country and its rulers a lesson, and yes we have red lines, that is if our attacks harm a lot of innocents.”
However, the group has also unsuccessfully attacked hospitals.
The gang claims to be carrying out the criminal attacks to “defend the Truth, Islam and Sudan”, but on at least two occasions it has also tried to extort victims for Bitcoin.
It has also targeted websites like OnlyFans, Tumblr, and Reddit, saying that they promote what it calls “disgusting smuts and other LGBTQ+ things”.
In June, the hackers celebrated when the US cyber authority issued an official warning about a wave of attacks against American organizations, which it warned “can cost an organization time and money and may impose reputational costs while resources and services are inaccessible”.
Its most high-profile attack in June disrupted Microsoft services including Outlook and OneDrive, forcing the tech giant to issue a report with advice to customers on how to prevent being affected by the group.