UPS latest Anonymous Sudan target, Microsoft time-out


Following a week-long attack on Microsoft, the pro-Russian hacktivist gang Anonymous Sudan has claimed global shipping giant United Parcel Service (UPS) as the latest target in an ongoing campaign against the US.

The UPS website was reportedly knocked offline by the hackers around 6 p.m. ET Monday night.

The monitoring site Downdetector showed the UPS website was down for thousands of users in the US at the time, as well as for users in Canada and the UK.

Downdetector UPS outage
Downdetector.com, June 12

About 80% of users reported having problems with the UPS website, while the other 20% reported problems with tracking their packages and logging in to their accounts.

Anonymous Sudan posted an image of the ups.com gateway timeout on its encrypted Telegram channel at 6:15 PM ET – about 2 minutes after the first user had reported the UPS outage to Downdetector.

Anonymous Sudan UPS outage
Anonymous Sudan Telegram channel, June 12

Meanwhile, customers looking for answers as to why the site was down posted about the outage on Twitter.

"@UPS your website is down. Please update us on a status! Error codes galore," one user posted.

“Hello! We are very sorry to hear you're having issues with our website. We would be more than happy to help in any way we can. Feel free to DM us your tracking information or any questions you have. -JR,” UPS responded.

Latest campaign against the US

It’s the latest in a series of attacks by the gang focused on disrupting US companies and infrastructure, a campaign easily identified by the group's hashtag "F@#$_USA."

Anonymous Sudan claims its latest effort is in response to the US government's support of Ukraine, as well as US Secretary of State Antony Blinken's recent “interference” in Sudanese affairs, which includes recent US sanctions against Sudan's military and other entities.

Exactly one week ago, Anonymous Sudan reported that it had successfully taken down Microsoft Outlook services for thousands of users by using its signature DDoS attack modus operandi.

The Microsoft outages went on throughout the week, although the tech giant was consistently vague about why, citing "technical difficulties" to the dozens of users complaining about the interruptions on Twitter.

"❗️Microsoft, the fate of your services is under our hands, we decide when to shut it down and when to leave it open," Anonymous Sudan said.

"We can target any US company we want. Americans, do not blame us, blame your government for thinking about intervening in Sudanese internal affairs," the group threatened.

Anonymous Sudan Microsoft Outlook
Anonymous Sudan Telegram channel, June 5

Signature method of attack

Anonymous Sudan began making waves in the hacktivist world this past January.

The group favors the use of distributed denial-of-service attacks, known as DDoS attacks, which overload a target’s website or server with thousands of traffic requests, knocking the services offline.

It's a fairly simple yet effective type of attack that can be executed from anywhere in the world using a network of automated bots. It can be triggered by the threat actors at any time they choose.

Anonymous Sudan will often target its victims for a set period of time – typically in two-hour stints – to prove it has complete control over the target's website, though without causing any permanent damage.

"Think about it, if a company as big as Microsoft cannot defend itself from a small Sudanese group with very slow internet speeds, how can you ever trust such a company?" Anonymous Sudan posted to followers during its attacks on the tech conglomerate.

The group will commonly screenshot its alleged handiwork to show off on Telegram, using campaign hashtags and random emojis.

At about 8 p.m. ET Monday night, Anonymous Sudan posted this message on Telegram.

“The attacks on the UPS have been stopped, we will be satisfied with this amount of "2 hours".”

Anonymous Sudan UPS two hour
Anonymous Sudan Telegram channel, June 12

Often, as in the case with Microsoft this past week, the group will intermittently attack their target for days on end.

Sometimes the group will stick to a target over the course of several months, even if only for their own amusement.

For example, the group has been relentlessly targeting SAS Airlines with intermittent outages since mid-February.

The first attack on SAS was lauded as part of a coordinated Valentine's Day attack against Sweden; the second, a two-week-long campaign launched May 24th (on hiatus since the Microsoft attack began), came complete with a $10M ransom demand, all because Anonymous Sudan was "bored."

Anonymous Sudan SAS game
Anonymous Sudan Telegram channel, May 24

Anonymous Sudan is also known to support the work of other pro-Russian hacking groups, Killnet and Usersec, all well known for their anti-Ukraine, anti-Israel, anti-NATO, and anti-Western doctrine.

Leading up to the Microsoft attacks, which garnered worldwide attention for the group, Anonymous Sudan posted claims of successful attacks on US companies Lyft, Tinder, and several US hospitals.

In May, the group even declared cyber war on billionaire SpaceX founder and Twitter CEO Elon Musk, although it never followed through with its proclamation.

Last week, Anonymous Sudan also threatened to go after the California-based OpenAI’s ChatGPT, claiming to have run a test attack on OpenAI's website address on June 6th, but instead continued the barrage on Microsoft's 365 services, eventually moving on to target the Microsoft Azure cloud platform, which is used by half a million companies worldwide.

Anonymous Sudan Microsoft Azure
Anonymous Sudan Telegram channel, June 9

In the latest Microsoft twist, after seven days of intermittent outages affecting all Microsoft services, Microsoft Azure is finally admitting what seems obvious to those following the saga: its recent outages were caused by an "anomalous spike" in Azure traffic requests.

Microsoft posted a Preliminary Post Incident Review about the outage on its June 2023 Azure status history page.

"Our internal telemetry reported an anomaly with increased request rates, and the Azure portal displaying a “service unavailable” message in multiple geographies," Azure said under the "What went wrong and why?" section of the report.

"Traffic analysis showed an anomalous spike in HTTP requests being issued against Azure portal origins, bypassing existing automatic preventive recovery measures and triggering the service unavailable response. We will share more details when our investigation is complete," it said.

It’s not clear if the attack on UPS is a one-off event or will continue throughout the week. Cybernews will follow the story.