When SVT Nyheter was in contact with Anonymous Sudan via the Telegram app on Tuesday, it was established that the hacker group's next target is Denmark.

They also later published a message on their official channel that the neighboring country would be cyber-attacked.

Several Danish airports suffered problems on Wednesday, but after 61 of the group's servers were successfully identified and shut down by Swedish private actors last night, it has been quiet.

- This has probably temporarily averted the attacks.

Things will certainly happen in the future, but they have to regroup and establish new IT infrastructure, says Marcus Murray, founder of the IT security company Truesec.

The approach of the security actors

As part of Truesec's investigation into Anonymous Sudan, partner company Baffin Bay conducted an analysis of the attack traffic, and that's when the source was discovered.

- You could follow the traffic that hits all websites to certain servers, and behind these you then found these additional 61 that controlled and directed the attacks, says Murray.

The group has an unusual approach

But the base servers controlling the attack servers weren't the only thing discovered during the crackdown.

- These servers were located in the multinational IT company IBM's cloud in Germany.

And it's not completely free, so it shows that this attacker has the financial means to buy IT infrastructure with, says Murray.

Activists or "ordinary hackers" normally use hacked computers, the IT expert says, while Anonymous Sudan buys equipment in professional cloud services.

- It is behavior that you normally only see in nation states, says Marcus Murray.

See what we know about the hacker group in the clip below.

Javascript is disabled

Javascript must be enabled to play video

Read more about browser support

What do we know about "Anonymous Sudan", and what details could instead point in a Russian direction?

Watch the video.

Photo: TT