“We are part of the Russian group”

By: Marcus Alexandersson/TT

Published: Less than 20 min ago

Anonymous Sudan has communicated extensively on the Telegram platform. Photo: Christine Olsson/TT

The hacker group that took “credit” for the attacks on Sweden now belongs to a Russian network. Anonymous Sudan says so themselves.

– This is exactly what we have also seen, that it is Russian actors who were behind it from the beginning, says cyber security expert Marcus Murray.

The overload attacks against Swedish authorities, companies and interests have continued in recent days. The group Anonymous Sudan has said they are behind it, but has previously distanced itself from reports linking them to Russian actors. On Sunday, however, the group came out and announced that they are now part of the Russian hacker network Killnet.

“They have helped us and they are good people,” reads the explanation.

Declared war

However, Marcus Murray, cybersecurity expert at Truesec, points to another explanation:

– There have been Russian interests from the beginning. The real Anonymous declared war on Russia shortly after the invasion of Ukraine. Since then, Russia has actively tried to infiltrate Anonymous and hijack their brand.

Truesec has analyzed Anonymous Sudan in a report released on Monday. According to the report, the group is not part of what can be described as “Islamist hackers” but has rather moved in circles with connections to Russia ever since the group became known.

According to Truesec, the most likely explanation is that Anonymous Sudan was started by Russian actors to direct the spotlight on the controversial Koran burnings and the political crisis they created between Sweden and Turkey regarding NATO membership.

– This is a Russian influence operation. It has been dressed up as Anonymous to create credibility. But they (Anonymous) and Russia are enemies, says Murray and continues:

– Given the geopolitical situation, this is the new normal.

“Fuck you”

Social media accounts traditionally linked to the real Anonymous also deny that Anonymous Sudan has anything to do with the movement. The account “@AnonOpsSE” writes on Twitter:

“Anonymous Sudan is not Anonymous and fuck you and fuck Killnet if you want to play let’s play,” before ending the tweet with calls to support Ukraine.

Marcus Murray advises anyone who feels confused by all the information about attacks and influence campaigns to be critical of sources and seek facts from established actors.

Facts

Anonymous

Anonymous has made itself known for several high-profile IT attacks in various countries, including in support of Wikileaks and founder Julian Assange. The group is loosely composed and several surrounding interests sometimes claim to belong to the movement.

The association claims to work for freedom of expression and, above all, freedom on the internet.

One of Anonymous’ more established measures is to announce a “campaign” via social media when a specific target (company, country or organization) is to be attacked. The tactic allows many with similar views or interests to join the ongoing attack.

Overload attacks, which are technically relatively easy to carry out, are among the organization’s most common methods.

Facts

Overload attacks

An attack that shuts down sites or prevents users from accessing services is called a denial-of-service attack or DDoS attack. The abbreviation DDoS stands for “distributed denial of service”, which roughly means that the site cannot be accessed.

The basic concept is to knock out networks with massive amounts of data sent, on a given signal, from a large number of computers in so-called bot networks. Variations on the same theme are more precise attacks directly against firewalls, applications or web services, which can be more difficult to detect and repel.

The network can be controlled by one person in one country, with control servers in other countries and hijacked equipment all over the world. The person ordering the attack may in turn be sitting in Sweden and hiding behind encrypted communication.

DDoS attacks should not be confused with so-called hacker attacks or data breaches, where the aim is to steal or distort information online. But it is not uncommon for overloading to be used as a diversionary maneuver in connection with data breaches. Bot networks can also be used to pump out disinformation on social networks such as Facebook and Twitter.

Source: Arbor Networks
