Anonymous Sudan Targets Israel’s Critical Infrastructure

By Sarah Braithwaite on November 2, 2023

Executive Summary:

The Russian-affiliated hacktivist group Anonymous Sudan has recently pledged solidarity with Hamas in light of the conflict occurring in Israel and Palestine. This affiliation adds to the tense geopolitical landscape of the region. The group has focused its efforts on disrupting Israel’s Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, posing a significant cybersecurity threat. The group announced the campaign through its Telegram channel, naming as specific targets Israel’s Global Navigation Satellite Systems (GNSS), Building Automation and Control Networks (BACnet), and Modbus Industrial Control Systems. As the campaign unfolds, concerns are rising regarding the security of Israel’s critical infrastructure and the potential impact of the attacks.

Figure 1. Anonymous Sudan, Telegram

Background:

Anonymous Sudan originally started as a Russian-speaking Telegram channel in January 2023. While the group adopted the moniker of the Anonymous hacktivist group, there is no evidence of a direct link between the group and either Anonymous or the actual nation of Sudan. Despite its anti-Western and pro-Islam culture, Anonymous Sudan exhibits a strong allegiance towards Russian interests. The group has an affiliation with another Russian hacktivist group, Killnet, known for its Distributed Denial-of-Service (DDoS) attacks. The alliance between these two groups suggests there could be an interconnected network of cyber groups with the same ideologies. Anonymous Sudan primarily utilizes DDoS attacks to disrupt its targets. Its attacks are characterized by waves of UDP and SYN floods, which overwhelm the victim’s servers, rendering their services useless or sluggish. The group also utilizes public cloud servers and free and open proxy infrastructures to conceal the source of its attacks. Anonymous Sudan has targeted multiple countries in the past, such as Sweden, Denmark, France, the United States, and Israel. While the group’s motivations are multifaceted, its targeting of Israel stems from geopolitical agendas and retaliation for Western support for Ukraine in connection with the Russian invasion.

Significance:

The group’s ability to compromise critical infrastructures demonstrates the existence of vulnerabilities within these systems. The need for real-time communication and monitoring of industrial systems increases interconnectivity, which raises the risk of exploitable vulnerabilities. Due to these interdependencies, compromising one critical infrastructure could cause a domino effect across other systems. The repercussions of these cyberattacks on ICS and SCADA systems can lead to harmful disruptions of essential infrastructure services, including power, water, communication, and transportation. These disruptions are a major concern for public safety and national security and have economic implications.

Technical Details:

GNSS is a constellation of satellites orbiting Earth that provides precise location information. It ensures accurate and reliable positioning information for a wide range of industries like transportation, telecommunications, and agriculture. BACnet is a communication protocol designed for building automation and control systems. BACnet allows for communication between various systems within a building, such as HVAC, lighting, alarm services, and access control. Modbus is a commonly used SCADA protocol that allows for the exchange of data between devices. Modbus supports communication over different transports such as serial, TCP/IP, and UDP and ensures data exchange is efficient and reliable.
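To make the Modbus description concrete from a monitoring point of view, the following added example (not from the original article or its sources) parses Modbus/TCP frames and flags write requests that originate outside an allowlisted engineering subnet. The subnet, the sample frames and the function names are constructed for illustration; the frame layout and function codes come from the public Modbus specification.

```python
import struct
from ipaddress import ip_address, ip_network

# Function codes from the public Modbus application protocol specification.
READ_CODES = {1, 2, 3, 4}      # coils, discrete inputs, holding and input registers
WRITE_CODES = {5, 6, 15, 16}   # write single or multiple coils and registers

# Assumption: only this (constructed) engineering subnet may issue writes.
ENGINEERING_NET = ip_network("10.20.0.0/28")

def parse_adu(frame: bytes) -> dict:
    """Parse one Modbus/TCP request: 7-byte MBAP header, then the PDU."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus/TCP")
    # The length field counts the unit id plus the PDU, i.e. everything
    # after the first six bytes of the frame.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def classify(src_ip: str, frame: bytes) -> str:
    """Label a client-to-server frame for triage."""
    try:
        adu = parse_adu(frame)
    except ValueError:
        return "malformed"
    fc = adu["function"]
    if fc in READ_CODES:
        return "read"
    if fc in WRITE_CODES:
        allowed = ip_address(src_ip) in ENGINEERING_NET
        return "write-ok" if allowed else "write-alert"
    return "other"

# Constructed sample traffic: (source IP, raw frame bytes).
SAMPLES = [
    ("10.20.0.5", bytes.fromhex("000100000006010300000002")),    # read 2 registers
    ("10.20.0.5", bytes.fromhex("00020000000601060001002a")),    # write from HMI
    ("203.0.113.9", bytes.fromhex("0003000000060105000aff00")),  # coil write, outside
    ("203.0.113.9", bytes.fromhex("0004000000ff0103")),          # bad length field
]

def triage(samples):
    """Classify every (source, frame) pair in order."""
    return [classify(src, frame) for src, frame in samples]
```

Modbus itself carries no authentication, so the source-address allowlist stands in for a control the protocol does not provide; a write from any other address is worth an alert regardless of its payload.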

Impact:

Targeting GNSS will cause disruptions to global positioning systems across the country, which could lead to operational disruptions of systems that rely on navigation. A compromise of Israel’s BACnet systems could result in energy surges, building evacuations, system shutdowns, and potential financial losses. The impact of this attack not only involves operational disruptions but also potential hazards to the safety of the public. Targeting Modbus could result in the disruption of essential services in Israel, such as water, oil, gas, and electricity, which would severely impact vital infrastructure services. These potential attacks could cause significant damage to Israeli critical infrastructure and public safety.

References:

Ernalbant, Y. (2023, October 16). Reflections of the Israel-Palestine conflict on the cyber world. SOCRadar® Cyber Intelligence Inc. https://socradar.io/reflections-of-the-israel-palestine-conflict-on-the-cyber-world/

Niazi, M. A. (2020). What is the BACnet protocol and how is it used in building automation systems to control data exchange? – technical articles. Control. https://control.com/technical-articles/what-is-the-bacnet-protocol/

Other Global Navigation Satellite Systems (GNSS). GPS.gov: Other Global Navigation Satellite Systems (GNSS). (n.d.). https://www.gps.gov/systems/gnss/

Petkauskas, V. (2023). Anonymous Sudan: Neither anonymous nor Sudanese | Cybernews. https://cybernews.com/editorial/anonymous-sudan-explained/

Schappert, S. (2023). Russian hacktivists now targeting Israeli global satellite … – Cybernews. https://cybernews.com/cyber-war/russian-hacktivists-target-israel-industrial-control-system/

What is the Modbus Protocol & How Does It Work?. NI. (n.d.). https://www.ni.com/en/shop/seamlessly-connect-to-third-party-devices-and-supervisory-system/the-modbus-protocol-in-depth.html

Figure 1: https://www.reddit.com/r/hacking/comments/174ngrx/siegedsec_anonymous_sudan_attack_israeli_targets/