Anonymous Sudan has been harassing US and European targets with distributed denial of service (DDoS) attacks since early 2023, but its latest scheme is most likely a ruse and a desperate bid for money. The group claims to have stolen 30 million Microsoft accounts and is offering them up for $50,000, but the company says that the sample it posted cannot be authenticated and that there are no signs of a data breach.
Microsoft accounts are likely safe, but Anonymous Sudan has shown skill in DDoS attacks
When a suspiciously small amount of money is being asked for what would appear to be such a major hacking coup, the incident can almost always be written off as some sort of scam attempt. Anonymous Sudan posted an alleged sample of the stolen data via its Telegram bot, but it looks as if the 100 accounts it shared may have been stolen in a prior data breach.
Anonymous Sudan has been hassling targets around the world with DDoS campaigns since early this year, and has proven to be very capable in this specific area. But when it comes to stealing or extorting money, the group seems to flounder. A prior attempt to shake Air France down for $3 million using repeated DDoS attacks did not come off, and the group has now claimed several data breaches that never actually materialized.
Thus far there have been no warnings to users about Microsoft accounts being compromised. Notifications would likely be issued quickly if the data breach was thought to be legitimate.
Anonymous Sudan and Killnet have a long history of DDoS, but a much shorter one of data breaches
Anonymous Sudan is not known to have intentionally caused any data breaches as of yet, save for one accidental exposure during its barrage of Scandinavian Airlines in February. The group has publicly claimed affiliation with Russia-based Killnet, and some security experts believe that it is simply a marketing arm of that group aimed at Arabic countries. The group has claimed that it briefly breached and disabled Israel’s Iron Dome defense system several months ago, but there is no good third-party evidence of this.
Killnet has racked up at least a couple of legitimate data breaches, but the group is similarly known for wild claims in this area that it cannot later support. As to why either group would make such brazen false claims, the answer is that this is all primarily a publicity exercise. Killnet started out as a DDoS-for-hire service and has since expanded into dark web sales and extortion. More media attention means more potential customers in the criminal underground recognizing its brand name.
Killnet has also shown a nationalistic bent, and Anonymous Sudan may be an extension of this. The purpose of the subgroup may be to promote relationships between Russia and assorted Arabic countries and to undermine the West in their eyes.
Whatever the true nature of the group, Anonymous Sudan has been active since at least February of this year. The alleged theft of Microsoft accounts is just the latest development in a string of DDoS attacks it has claimed. These attacks are sophisticated and usually damaging, but also usually do not amount to more than taking public-facing websites offline for a few hours.