Security Intelligence
Loading table of contents...
France’s cybersecurity agency (ANSSI) has responded to a distributed denial of service (DDoS) attack of ‘unprecedented intensity’ on the country’s State Inter-ministerial Network (SRI), rendering many digital government websites and services unavailable for several hours. ANSSI activated a crisis cell within the French government to deal with the attack, which ultimately subsided once filtering measures were put in place.
The pro-Russian hacking group, Anonymous Sudan, took credit for the attack on its Telegram channel. It said the group successfully targeted over 17,000 IP addresses and devices and 300+ domains.
Image 1: Anonymous Sudan's claiming credit for the DDoS attack on French websites. (Source: Telegram)
Source: Cybernews.com
Analysis
This DDoS attack on French government services and websites is likely in response to French President Emmanuel Macron’s recent statement regarding the possibility of sending French troops to Ukraine. Anonymous Sudan has a history of targeting organizations and governments at odds with Russia, such as Sweden during its ascension into NATO.
These types of attacks will likely continue as long as Macron stands firm against Russia and in the period leading up to and during the 2024 Paris Olympics.
Field Effect assesses that Anonymous Sudan, and the similar pro-Russian group KillNet, are likely sponsored by Russia’s Federal Security Service (FSB). The FSB has a history of contracting criminal hackers to give the Russian government plausible deniability for low-risk and high-reward activities such as DDoS attacks on Western targets.
Anonymous Sudan was likely established with the intent of intimidating and harassing Russian adversaries, its supposed Sudanese origin a thinly veiled attempt to make it appear like an entity distinct from Russian Intelligence Services.
Although DDoS attacks are initially effective at knocking their targets offline, they usually aren’t sustainable for long periods, and targets typically recover once proper mitigations are implemented. However, even minimal downtime can cause a significant loss of revenue, customer dissatisfaction, and reputational risk.
DDoS attacks are a popular choice for threat actors with low technical skills, as legitimate network stress tools can easily be found online and repurposed for malicious use. Threat actors often amplify their attacks by recruiting their social media followers to participate, providing them with the required instructions and tools.
Additionally, a high number of open proxies and DNS resolvers can be leveraged for DDoS attacks, making it difficult for defenders to counter DDoS attacks by blocking IP addresses alone.
Mitigation
Firewalls usually will not stop the high traffic volume generated during a DDoS attack conducted by Anonymous Sudan and KillNet. To properly mitigate, organizations should deploy specific DDoS prevention solutions that are:
- Aligned with your infrastructure and online presence
- Designed to counter various types and volumes of DDoS attacks
Additionally, organizations should ensure that internet-exposed devices are configured properly and do not allow external connections to any proxy or DNS resolver services running on the device.
