U.S. federal prosecutors have charged two Sudanese brothers, Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, with orchestrating one of the most prolific “cyberattack-for-hire” operations in history: Anonymous Sudan. The indictment alleges that the two brothers were key operators behind Anonymous Sudan, a hacking group responsible for 35,000 distributed denial-of-service (DDoS) attacks in 2023.
Anonymous Sudan launched their attacks from a war-torn Sudan with the help of just three accomplices. According to prosecutors, their cybercrimes were ideologically motivated, with the group professing Sudanese nationalist views while charging as little as $600 for their destructive services.
The group’s method of choice, the Layer 7 DDoS attack, exploited cloud networks and amplified internet traffic to overwhelm targeted applications, rendering the affected websites unusable. To execute these attacks, the group defrauded cloud services and rapidly rotated through accounts before the end of billing cycles, effectively masking the source of their activities.
The group primarily targeted government bodies and sensitive critical infrastructure within the United States and around the world. Victims in the US include the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center, and government websites of the state of Alabama.
Several private players were also targeted, including Microsoft, OpenAI and Riot Games Inc.
“Anonymous Sudan sought to maximise havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks,” said Martin Estrada, the United States Attorney.
The attacks sometimes continued for days and damaged the victims’ websites and computer networks. The systems were inaccessible, and businesses suffered major losses.
Despite widespread speculation that Anonymous Sudan was a front for Russian intelligence or organised cybercrime, investigators found no evidence of external financial or governmental support, reports The Washington Post.
The FBI led the investigation, with assistance from the Defense Criminal Investigative Service and the State Department’s Diplomatic Security Service Computer Investigations and Forensics Division. The DOJ Criminal Division’s Office of International Affairs and the U.S. Attorney’s Office for the District of Alaska also contributed to the efforts.
Several private players, including Akamai, Amazon Web Services, Cloudflare, CrowdStrike, DigitalOcean, Flashpoint, Google, Microsoft, and SpyCloud, were also part of this operation.