Anonymous Sudan Shuts Down OpenAI, Disputed Cloudflare Breach
Remember, Anonymous Sudan is neither anonymous nor from Sudan. "Darknet Parliament" connects AS further to Russian threat actors.
On November 8, OpenAI users experienced connection and programming difficulties on OpenAI’s developer platform as well as ChatGPT. Days later, OpenAI attributed the outages to a denial-of-service attack. The attack was claimed by hacktivist group Anonymous Sudan, which has strong links to other Russian actors such as Killnet and, most recently, the more advanced Revil ransomware group.
Revil has been tied to the theft of Apple’s iPhone design plans and to cracking the elliptic curve cryptography on Donald Trump’s cellphone, and it infamously joined Darkside in the Colonial Pipeline hack. Killnet, which has been reported on plenty previously, has been tied to DDoS attacks favorable to Russian military agendas, such as those on airports in Europe/Lithuania over the most recent NATO summit.
In a Telegram channel posting, the hackers claimed the attack was due to ChatGPT having “a general biasness towards Israel and against Palestine.” Although OpenAI has yet to comment on any attribution for the alleged DDoS attack, Anonymous Sudan is known to favor such attacks against perceived enemies. The Telegram posting accused OpenAI of cooperating with the “occupation state of Israel,” and went on to claim that “AI is now being used in the development of weapons and by intelligence agencies like Mossad.”
Ability to bypass Cloudflare’s secure layer was key to accessing OpenAI.
In its most recent post, Anonymous Sudan claims to be selling a Cloudflare exploit for $5000. Whether or not the claim is legitimate, it is of major concern to Cloudflare, a web app security/cybersecurity SaaS (security as a service) distributor serving both small and large companies, spanning 4.1 million customers.
According to a spokesperson, "Cloudflare experienced a DDoS attack that caused intermittent connectivity issues to www.cloudflare.com for a few minutes. This DDoS attack did not affect any service or product capability that Cloudflare provides, and no customers were impacted by this incident."
A DDoS protection distributor was compromised through a DDoS attack, and the attackers proceeded to deface the homepage, implying user access to the site.
One can say no customers are affected, yet.
This attack happened days after Cloudflare reportedly experienced a power outage at one of its Oregon data centers, and recovery efforts hampered services for customers over a brief period.
DARKNET PARLIAMENT
This June, the group posted a message to their Telegram: “Russian hackers announced a massive attack on the Western financial system within the next 48 hours. The first task is to paralyze Swift,” the post stated.
"According to our information, guys from the KillNet, Revil, and Anonymous Sudan groups have united in this campaign to repel the maniacs according to the formula: no money - no weapons - no Kiev [sic] regime," the group said, referring to the war in Ukraine and allied support from the West.
"Among the targets: European and US banks, SWIFT, and the US Federal Reserve System," the post continued.
No Swift outages occurred, and the term has been lightly mocked after the fact, but this Russian matrix is once again reinforced. Other financial targets in the latest warnings include SEPA, another European payment system; IBAN, the standard international bank account numbering system; the money transfer service Wire; and the foreign exchange tech company Wise.
Any splinter Anonymous Operations groups have disavowed ties to this cell.
Most of the information available on Anonymous Sudan comes from the group’s Telegram channel, which was created on January 18, 2023, just days before it launched its first attack. The group claimed it conducted attacks in response to anti-Muslim activities that have taken place in the target nations and in support of Russian hackers who, in turn, support Sudan.
Anonymous Sudan concentrates on specific targets for short periods, generally a day, but in some cases for extended periods of time. The newly implied involvement of Revil suggests extended exfiltration abilities.
Time will tell.