The U.S. Department of Justice (DoJ) has indicted two Sudanese nationals for their alleged leadership roles in Anonymous Sudan, a cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks worldwide.
The group is accused of targeting critical infrastructure, hospitals, government facilities, and major tech companies, causing widespread disruptions and millions in damages. The indictment, unsealed today, charges Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, with conspiracy to damage protected computers. Ahmed Salah faces additional charges related to the specific execution of these cyberattacks.
Anonymous Sudan, which emerged in early 2023, allegedly used a powerful DDoS tool known as the Distributed Cloud Attack Tool (DCAT) to launch over 35,000 attacks, including more than 70 directed at systems in Los Angeles alone. Google listed Anonymous Sudan as one of the major cyber threats faced by the recent Olympic Games in Paris, France.
Their high-profile targets included the U.S. Department of Justice, the Department of Defense, the FBI, and hospitals such as Cedars-Sinai Medical Center in Los Angeles. The attacks also disrupted the services of tech giants like Microsoft and Riot Games, severely affecting operations and causing extensive damage to computer networks. The damage caused by these attacks is estimated to exceed $10 million.
Recently, Radware observed a record-breaking DDoS attack targeting a financial institution in the Middle East, sustaining an average of 4.5 million requests per second (RPS) and reaching an unprecedented 14.7 million RPS. The attack, claimed by threat actor ‘SN_BLACKMETA,’ is believed to have been launched from Anonymous Sudan's DDoS platform.
U.S. Attorney Martin Estrada condemned the group's actions, emphasizing the gravity of the attacks, particularly those on hospitals. “Anonymous Sudan sought to maximize havoc and destruction,” Estrada said, noting that their DDoS attack on Cedars-Sinai Medical Center forced the redirection of emergency patients for eight hours, a move that risked lives.
In March 2024, a breakthrough came when U.S. authorities, acting on court-authorized warrants, seized and dismantled Anonymous Sudan's DDoS infrastructure, disabling key components of the DCAT tool. This disruption was crucial in halting further attacks. The tool itself, known by various names including “Godzilla,” “Skynet,” and “InfraShutdown,” had been sold as a service to other cybercriminals, expanding its reach and threat potential.
The FBI's investigation, supported by partnerships with private tech companies such as Akamai, Cloudflare, and Amazon Web Services, was part of a broader international law enforcement effort called Operation PowerOFF. This initiative, involving agencies across borders, aims to dismantle DDoS-for-hire services and hold accountable the individuals behind these operations.
If convicted, Ahmed Salah faces a potential life sentence, while Alaa Salah could face up to five years in federal prison.