Home Blogs Under Attack: Our Experiences with KillNet and Anonymous Sudan
Applications

Under Attack: Our Experiences with KillNet and Anonymous Sudan

About The Author

Outline

Black Hat USA is perhaps one of the cybersecurity industry’s most established and in-depth security conferences. Returning to Las Vegas for its 26th anniversary, Black Hat USA featured over 90 briefings, dozens of open-source tool demos, a robust business and expo hall, and a variety of in-person and virtual training courses – most having both an offensive component – hacking or reverse engineering a given system, as well as recommendations on how to mitigate such risks.

Every year, this event provides a platform for some of the most accomplished professionals in the cybersecurity industry to share their knowledge and insights, offering attendees a deeper look into the evolving threat landscape, as well as the tools, tactics, and procedures (TTP) of the day. The briefings alone encompassed a wide spectrum of topics, such as safeguarding vital information infrastructure, fortifying widely adopted enterprise computer systems, exploring cutting-edge InfoSec research and development, and almost everything in between.

During this year’s event, Edgio’s own Richard Yew, Sr. Director Product Management – Security, and Andrew Johnson, Head of Product Marketing – Security, discussed Edgio’s experiences with two formidable adversaries over the last year – KillNet and Anonymous Sudan.

While operating one of the largest edge networks in the world, Edgio has been in the crosshairs of KillNet and Anonymous Sudan since day one. In this presentation, Richard and Andrew share firsthand experiences from Edgio’s customers, and Edgio’s own teams, as a direct target of these notorious groups.

Starting as a DDoS-for-hire service, KillNet quickly evolved to target critical national infrastructure across the globe following Russia’s invasion of Ukraine. Making mitigation more challenging was KillNet’s use of varying techniques while rotating their targets to keep Edgio on its toes. Additionally, the persistent threats coordinated by Anonymous Sudan, who could run a master class in attack automation, were responsible for some of the largest application-layer DDoS attacks over the last year.

It wasn’t always pretty, so learn from Edgio’s experiences, both good and bad, as Richard and Andrew shed light on the tactics and motivations behind these dangerous adversaries.

Key Highlights and Takeaways:

  • DDoS attacks continue to increase in size and frequency, and can be launched for as little as a few hundred dollars.
  • KillNet started as a DDoS-for-hire service and turned into a pro-Russia hacktivist group with the start of the war in Ukraine. It now operates multiple affiliated entities and targets NATO-linked countries and entities whose political interests do not align with Russia.
  • Anonymous Sudan publicly emerged in 2023 and joined forces with KillNet shortly after formation. The group is well known for Application (L7) layer attacks and they’re still quite active today.
  • Edgio and its customers have been under attack from KillNet since the second half of 2022, with attacks ramping up in 2023; however, with Edgio’s robust, multi-layered security solutions, powered by its proprietary Stonefish DDoS mitigation system, these attacks have been countered with zero customer impact.
  • There’s no silver bullet! Organizations need to implement defense in depth.

This presentation offers a rare glimpse into the dark underbelly of state-sponsored hacktivist groups. It’s also an opportunity to learn how to improve your security posture and resilience against similar, evolving threat groups.