Two Sudanese brothers face federal charges for allegedly operating Anonymous Sudan, a cybercriminal group responsible for over 35,000 DDoS attacks worldwide.
At a Glance
- Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer have been indicted for operating Anonymous Sudan.
- The group allegedly conducted over 35,000 DDoS attacks on critical infrastructure globally.
- U.S. authorities seized and disabled Anonymous Sudan’s DDoS tool in March 2024.
- Ahmed Salah faces a potential life sentence; Alaa Salah faces up to five years in prison.
- The attacks reportedly caused significant harm, including $10 million in damages to Cedars-Sinai Medical Center.
Anonymous Sudan’s Cyber Reign of Terror
The U.S. Department of Justice has unveiled charges against two Sudanese nationals for their alleged involvement in the cybercriminal group Anonymous Sudan. Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer are accused of orchestrating a massive campaign of Distributed Denial of Service (DDoS) attacks that targeted critical infrastructure, government agencies, and healthcare organizations worldwide.
Anonymous Sudan’s operations were far-reaching and devastating. The group reportedly conducted over 35,000 DDoS attacks globally, causing widespread disruption and financial damage. One of the most significant attacks reportedly targeted Cedars-Sinai Medical Center, temporarily shutting down its emergency department and resulting in over $10 million in damages.
Two Sudanese nationals indicted for alleged role in Anonymous Sudan cyberattacks on hospitals, government facilities, and other critical infrastructure in Los Angeles and around the world https://t.co/h2A6xueYxl
— US Attorney L.A. (@USAO_LosAngeles) October 16, 2024
Charges and Potential Consequences
The charges against the Sudanese brothers are severe. Ahmed Salah faces multiple counts, including conspiracy to damage protected computers, and could potentially face life in prison if convicted. His brother, Alaa Salah, has been charged with one count of conspiracy to damage protected computers and could face up to five years in federal prison.
“Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks,” said United States Attorney Martin Estrada. “This group’s attacks were callous and brazen.”
The brothers have been in custody since March 2024, following a coordinated effort by U.S. authorities to disrupt Anonymous Sudan’s operations. This operation, part of the larger international effort known as Operation PowerOFF, successfully seized and disabled the group’s powerful DDoS tool.
Methods and Investigation
Anonymous Sudan’s attacks were reportedly often motivated by pro-Russian and pro-Palestinian causes, as indicated on the group’s Telegram channel. The group allegedly offered DDoS attacks as a service, with pricing tiers and refunds, and reportedly coordinated with pro-Russian DDoS groups. Its tools, including the Skynet Botnet or DCAT, used open proxies rather than compromised devices to carry out attacks.
“The FBI’s seizure of this powerful DDoS tool successfully disabled the attack platform that caused widespread damage and disruptions to critical infrastructure and networks around the world,” said FBI Anchorage Field Office Special Agent in Charge Rebecca Day.
The investigation into Anonymous Sudan involved collaboration between the FBI, the Defense Criminal Investigative Service, and the State Department’s Diplomatic Security Service. Private sector entities, including Amazon, Akamai, Cloudflare, CrowdStrike, and Google, also provided crucial assistance in the investigation.
Sources
- Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World
- Sudanese brothers charged for ‘Anonymous Sudan’ attacks targeting critical infrastructure, government agencies and hospitals
- 2 men charged with Cedars-Sinai cyberattack