The government of France has been hit by a cyberattack that shut down more than 300 government websites and affected several state bodies just months before the June European Parliament election and the July Olympics Games.
Prime Minister Gabriel Attal described the attack as one that used known cybercriminal tactics but had an “unprecedented intensity.”
The attack came after the PM’s defense advisor warned that these events (the European Parliament election and the Olympic Games) could be “significant targets.” It also comes just weeks after French President Emmanuel Macron suggested that European nations send troops to Ukraine.
While France24 reports that a security source told AFP that the attacks “are not currently attributable to Russia,” the cybercriminal group Anonymous Sudan — believed to be supported by Russia — has claimed responsibility for the attack.
The depth of the attack on France
The attack on France’s governmental digital infrastructure targeted the State Interministerial Network (RIE), a network that connects 1 million public sector agents and 14,000 state sites.
Using a distributed denial-of-service (DDoS) attack — flooding a website with a massive influx of traffic, usually carried out through botnets or infected networks of computers or using paid infrastructure — the attack impacted 177,000 IP addresses and over 300 French state web domains.
The flood of traffic caused government websites to shut down and left French authorities scrambling to recover services and restore access to the public. The office of the PM said that a “crisis cell has been activated to deploy countermeasures” and assured that “the impact of these attacks has been reduced for most services and access to state websites restored.”
Who is Anonymous Sudan, and what is InfraShutdown?
Anonymous Sudan is a rapidly rising cybercriminal group that began operating in 2023. Cloudflare explains that the group is known for launching DDoS attacks against Western organizations and governments. The group often aligns its interests with Russian agendas.
“While the group claims to be based in Sudan and has been known to target so-called anti-Muslim activity, its actual origins are unclear, with threat researchers identifying possible logistical and ideological links to Russia,” Cloudflare says.
Cloudflare adds that Anonymous Sudan has also collaborated with pro-Russian attack groups like Killnet.
Curiously, Anonymous Sudan does not use botnets to launch DDoS attacks. Instead, they are known for using clusters of rented servers. While this process is much more expensive, it can generate more online traffic to overwhelm targeted websites.
The financial resources required for this type of operation, the selection of targets, and the techniques used all seem to indicate that the group either originates from Russia or is supported by Russia.
Anonymous Sudan hits the US State Government of Alabama just days after attacking France
As reported by CyberExpress, on March 13, just days after shutting down French government online operations, Anonymous Sudan hit 3 government agencies in the State of Alabama in the United States.
At the time of this report, the Alabama agencies that experienced disruptions due to the attack included the State of Alabama, the Office of Information Technology, and the Alabama Supercomputer Authority. Anonymous Sudan claimed responsibility for the attack. The criminal group said that attacks on the US would continue “as long as it (the US) continues to support Israel and interfere in Sudanese affairs.”
The attacks on Alabama and France are believed to have been powered by a new tool: InfraShutdown.
InfraShutdown was created by Anonymous Sudan, revealing that the group is dangerously escalating its footprint in the global cybercriminal underground.
Anonymous Sudan openly showing off and promoting InfraShutdown
Anonymous Sudan is known for its attacks against countries like Denmark and Sweden, and for hacking big tech organizations like X (formerly Twitter) and ChatGPT, claiming political and religious motives. But now, the cybercriminal gang is moving into a very different criminal category.
Recently, the leader of the group, known as “Crush,” used Telegram to reveal the group’s new tool and product, InfraShutdown.
Anonymous Sudan is offering the tool to any bad actor who wants to launch global-scale DDoS attacks. The criminal gang calls InfraShutdown “The Ultimate DDoS-for-Hire Revolution.”
Shifting to the malware-as-a-service (MaaS) global underground criminal industry is a new move for Anonymous Sudan, one that speaks of its expansion and real motives.
How InfraShutdown works
It is believed that both the attack on France and the attack on Alabama were executed using InfraShutdown. The attacks can also be seen as high-level demonstrations of the tech Anonymous Sudan is promoting.
Anonymous Sudan says that “InfraShutdown emerges as the pinnacle of bullet-proof cyber dominance, offering bespoke Distributed Denial of Service (DDoS) campaigns tailored to the unique objectives of our global clientele.”
They claim to offer DDoS attack services for bad actors who want to go after government agencies, private entities, or individuals.
“Our services are designed to deliver unparalleled digital disruption across a multitude of sectors with ZERO limits and military-grade privacy,” the group claims.
The group that openly promoted the tool using Telegram and Twitter (X) claimed InfraShutdown is capable of:
- Global dominance operations: Specialized in nation-state level disruptions, targeting critical infrastructures, financial systems, and tele/communication networks to assert geopolitical influence or reach other goals
- Corporate warfare tactics: Level the competitive playing field with strategic disruptions against market competitors, safeguarding your market position and disrupting rivals’ digital operations
- Sector-specific assaults: From educational institutions to healthcare systems to data centers, deploy targeted attacks to disrupt operations or influence sector-specific outcomes limitlessly
- Customized campaigns: Tailored precisely to your needs, whether it’s a personal vendetta, a political statement, or a strategic business move, small or big
Anonymous Sudan is also offering support to those who hire their new DDoS tool.
Final thoughts
The radical change of Anonymous Sudan, from a politically motivated DDoS group to DDoS-for-hire and cyberwarfare, is one that cybersecurity experts and governments worldwide should certainly not underestimate.
The origin, partners, infrastructure, and motives of Anonymous Sudan are still shrouded in mystery. While expert organizations like Cloudflare and many others assure that Anonymous Sudan is linked to Russia, the group supposedly based in Sudan is operating with impunity and hitting government agencies hard.
These attacks have not only increased in frequency and damage caused, but the group is now offering its DDoS skills and tech for hire openly. In the ongoing battle for global cybersecurity, this will be a group for experts to watch carefully.