In December 2023, Anonymous Sudan disrupted OpenAI’s ChatGPT service through a series of sustained DDoS attacks. This action was a response to public support expressed by OpenAI executive Tal Broda for the Israel Defense Forces’ missile attacks on Gaza. Broda had written remarks on social media that included, “More! No mercy! IDF don’t stop!” accompanying an image of a devastated area in Gaza, and in a separate post, he denied the existence of Palestine.
Anonymous Sudan stated through a Telegram post that their attacks on OpenAI would continue until Tal Broda was dismissed and ChatGPT adjusted its views on Palestinians. However, according to Akamai’s Seaman, the objectives of Anonymous Sudan might not be purely ideological. The group has also been selling access to its DDoS infrastructure to other hackers, as seen in Telegram posts offering their service, named Godzilla or Skynet, for $2,500 per month. This suggests that the politically motivated attacks could also serve as marketing for their business, according to Seaman.
Seaman noted that while there is an ideological thread in the group’s anti-Israel, pro-Palestine focus post the October 7 attacks, the selection of their victims might only be fully understood by the attackers themselves. Additionally, Anonymous Sudan has targeted Ukrainian entities and appeared to align with pro-Russian hacker groups like Killnet, raising suspicions within the cybersecurity community about its possible Russian links. However, charges against Ahmed and Alaa Omer indicate that the group is genuinely Sudanese in origin, despite lacking clear connections to the original Anonymous hacker collective.
Distinctive in its approach, Anonymous Sudan utilized a novel method by leveraging virtual private servers obtained through fraudulent credentials. These servers were used to conduct layer 7 attacks, which overwhelm web servers with requests for websites, contrasting with the traditional lower-level floods of data. The group and its service users would target victims with massive concurrent layer 7 requests, employing techniques such as “multiplexing” or “pipelining” to overwhelm and incapacitate servers.