Anonymous Sudan, a pro-Islamic hacker group, has recently published a donation campaign on their Telegram channel, urging contributions through various digital currencies. It should be noted that there is no indication that large number of transactions were made to the group.

Operating since January 2023, Anonymous Sudan has focused on targeting Israel while advancing a pro-Islamic agenda. In the recent month, their primary activity has centered around engaging in Al-Aqsa Flood cyber operations. This includes various cyber-attacks in support and aligned with the objectives of Hamas, against Israel. Moreover, Anonymous Sudan has formalized an alliance with the Russian proxy group known as Killnet.

It’s worth noting that this isn’t the first time of a hacking group solicit donations through cryptocurrency. Groups, such as Linked-Iran Blackshadow, which has initiated similar campaigns, actively seeking contributions via digital currencies such as Bitcoin and Monero in 2021-2022. This trend highlights a broader strategy employed by hacking groups, emphasizing the use of decentralized financial systems to fund their operations.

Donations campaign, represent only one aspect of the larger fundraising activities undertaken by hacker groups. In particular, they are known to engage in criminal activities, including the sale of data leaks online and offering hacking services. Such example is a post published by anonymous Sudan under there new channel DDOS stating: “DDOS Services at a discounted price…do you want to destroy your competitor?…payment via BTC… order an attack”.

In recent years, the landscape of so-called hacktivist groups has witnessed a trend characterized by a dual agenda—political and criminal in nature. Initially, these groups seemingly limit their activities to ‘openly’ engaging in cyber operations driven by political motives, using these actions as a showcase of their technical capabilities. However, as their operations progress, a shift occurs.

It appears that these hacker type of groups transition to a second stage, where they more openly embrace criminal activities with the primary goal of financial gain. This evolution involves offering hacking services, the sale of leaked data on various platforms, and engaging in ransomware operations. Such are the cased of “Anonymous Sudan” and “Stormous” hacker group, which had almost identical progression. 

The integration of a criminal agenda alongside political motivations blurs the lines between hacktivism and cybercrime, creating the need for adaptive strategies to address the multifaceted threats posed by these groups.