Russian hackers attack Sweden posing as Islamists

A mysterious hacker collective calling itself Anonymous Sudan has been targeting Swedish banks, airports and hospitals with distributed denial of service attacks since February. This is ostensibly a response to the burning of a Koran outside the Turkish Embassy in Stockholm early this year.

The so-called DDoS attacks, which push websites and services offline by overwhelming them with internet traffic, disrupted online programming at Sweden’s national public broadcaster and knocked out the websites of Scandinavian Airlines, state-owned power company Vattenfall, and defense firm Saab AB. Extensive media coverage has made the attacks — and Anonymous Sudan’s claims — a matter of public debate in Sweden.

The group behind this campaign claims to consist of hacktivists from the East African nation whose aim is to go after “anyone who opposes Islam.” But a closer inspection of Anonymous Sudan’s social media records — and data from the attacks — shows that the group is neither Sudanese nor Islamist, according to Mattias Wåhlén, who led an investigation into the hacks for Truesec, one of Sweden’s biggest cybersecurity firms.

He claimed that Anonymous Sudan appears to be an organized group of Russians, who have intimate knowledge of Swedish political and social issues. Their apparent motivation is to craft attacks designed to amplify tensions with the country’s Muslim minority and pressure Turkey to stand firm in rejecting Sweden’s bid to join the North Atlantic Treaty Organization. They could increase Sweden’s vulnerability to attacks in the future if they succeed.

Publicly available information on the group’s Telegram channel contained clues about its true origins, Wåhlén said. The Truesec report that he created states that Anonymous Sudan listed its language of choice as Russian and its location as Russia on its bio page. The group also aligned itself online with Killnet, a pro-Russia political hacking group that’s targeted organizations and countries opposed to the war in Ukraine. The report also showed that an account affiliated with the hacker collective Anonymous denied all ties to the group.

Anonymous Sudan also appears well-funded. Instead of using networks of infected computers to launch attacks cheaply — the usual way hacktivist attacks are carried out — the group rented 61 servers in Germany from IBM Corp.’s SoftLayer division to conduct its operations, hiding them behind layers of anonymity, according to another Swedish cybersecurity firm, Baffin Bay Networks. Baffin Bay stated that IBM had the servers removed two weeks after Anonymous Sudan launched its attack.

“IBM works with industry partners and law enforcement agencies to identify and address malicious use of the IBM Cloud platform, as happened in this instance,” IBM said in a statement. “We appreciate Baffin Bay Networks’ partnership in this matter.”

Scandinavian Airlines didn’t return any messages regarding outages. SVT confirmed its incidents. Saab refused to comment.

While Wåhlén and his team were unable to determine whether Anonymous Sudan consisted of Russian government employees or pro-Russia hackers working independently, Katarzyna Zysk, a professor of international relations at the Norwegian Institute for Defence Studies in Oslo, said the timing and organization of the attacks, the hackers’ knowledge of religious and political friction points in Sweden, and the attacks’ similarities to other Russian influence operations led her to conclude that the group was controlled or guided by Russia’s intelligence services.

“This strategy of creating chaos is one of the major means Russia has been using against Sweden” to complicate its NATO application, she said. “All these campaigns move in the same direction.”

Anonymous Sudan, on the other hand, has denied that it works for Russia. “We have nothing to do with Russia,” the group wrote on Telegram, after Truesec published a report in February outing the group. “We help them because they helped us before, and this is a way to give back.”

The Anonymous Sudan attacks demonstrate that suspected Russian hackers are finding new ways to meddle in the political processes of the country’s democratic opponents, according to Wåhlén and other security experts. As President Vladimir Putin’s war in Ukraine grinds into its second year, Russia’s hackers are growing increasingly active in advancing the country’s geopolitical interests, experts said.

Anonymous Sudan is one of the most active hacktivist networks on the web. It has been promoting Russian issues for just a couple of months. While the group has launched attacks on countries including Denmark, France, Germany, India and Israel, experts believe its primary aim is to erode support for NATO expansion, which would strengthen northern Europe’s defense against Russian aggression.

Sweden and Finland, which had previously abstained from joining military alliances due to their close relationship with Russia after the invasion of Ukraine in 2014, decided to abandon this policy and apply together to join NATO. All 30 existing members needed to agree, and from the beginning Turkey’s President Recep Tayyip Erdoğan said he wouldn’t support the move.

Erdoğan’s government has long been irked by the activities of a large and politically active Kurdish minority in Sweden, which includes individuals aligned with groups that Turkey considers terrorist.

Sweden, Finland, Turkey and other countries reached an agreement in June last year on measures that will ensure progress. While Swedish leaders say they have since met all of Turkey’s requests, negotiations came to a halt in January after a far-right provocateur burned the Koran, which happened less than two weeks after Kurdish activists hung an effigy of Erdoğan from a lamppost near Stockholm’s City Hall.

The Koran burning occurred in a political context “that was already very sensitive,” said Diana Selck-Paulsson, a researcher with Orange Cyberdefense, a division of French telecom Orange S.A., in Malmö, Sweden. “And the cyber reaction of Anonymous Sudan, when looking at the timing and the pro-Russian character, feels quite calculated.”

To Wåhlén, who worked 35 years as an analyst in Sweden’s intelligence services before joining Truesec in 2020, the Russian hacking offensive “expertly exploited” political vulnerabilities — namely, Sweden’s need to be in “the good graces of Turkey” and the country’s struggles with assimilating thousands of Muslim refugees — “to make Sweden’s NATO campaign more difficult.”

SVT reports that Russian agents took part in a campaign to sow discord between European nations, Turkey and the Koran-burning incident. Documents leaked to exiled Russian opposition activist Mikhail Khodorkovsky’s Dossier Center showed that Russia staged fake protests in cities such as Paris, where people claiming to be Ukrainians displayed anti-Turkish banners, burned a Turkish flag and posed for pictures with their arms raised in Nazi salutes.

While it’s impossible to know exactly how successful these Russian efforts have been, in April, Erdoğan instructed Turkey’s parliament to ratify Finland’s entry into NATO — leaving Sweden behind. The prospects of joining NATO are uncertain.

Truesec, founded by Marcus Murray in 2005, was created to help protect Swedish organisations at a time when fast-spreading viruses and worms were the greatest threats to their computer networks. Truesec has grown to 300 employees as hackers have evolved. Experts say the number of cyberattacks and disinformation campaigns from Russia has increased significantly since Russia’s invasion of Crimea, which Stockholm condemned in 2014. Russian agents have tried to influence public opinion about Ukraine, a possible NATO bid and other issues in Sweden using a number of tactics.

In the first week of May, as Sweden’s prime minister and other Nordic leaders met with Ukraine’s president in Finland to pledge continued support for Ukraine’s defense, a new round of attacks targeted Sweden’s police and tax agencies, as well as its financial supervisory authority. Social media attacks have been attributed to a pro-Russian group.

“When we take measures, they regroup and return in new formations,” said the tax agency’s chief information officer, Peder Sjölander. “They are competent as well as persistent.”

The Russian effort to influence the narrative of the Nordic nation has become more evident in the last few years. Following the 2015 refugee crisis, in which the country welcomed a number of refugees fleeing conflict and poverty, Kremlin media outlets have attempted to portray Sweden as being in an uncontrollable, migration-driven state, plagued by suburban riots and crime.

“There were of course real problems,” said Mikael Tofvesson, operational head of the Swedish Psychological Defence Agency, which was established last year to counter influence operations targeting Sweden. “We did have a refugee crisis, and the Russians didn’t create the problems, but they amplified them,” he noted. “The general intent of the different narratives they were using was that you can’t trust the government.”

Photo: Truesec’s CEO Marcus Murray, left, and Lead Analyst Mattias Wåhlén in the command center of the company’s headquarters in Stockholm, Sweden, on April 11. Photographer: Erika Gerdemark/Bloomberg

Copyright 2023, Bloomberg.
