
US charges duo behind Anonymous Sudan for over 35,000 DDoS attacks

The U.S. Department of Justice is charging two Sudanese nationals allegedly behind Anonymous Sudan with more than 35,000 DDoS attacks on critical infrastructure, hospitals and major technology companies. The FBI has seized the group's powerful DDoS tool; victims include the DOJ, Microsoft and Cedars-Sinai.

The US Department of Justice (DoJ) has charged two Sudanese nationals for their alleged role in leading the hacktivist group Anonymous Sudan. The group gained notoriety for carrying out “tens of thousands” of large-scale and crippling distributed denial of service (DDoS) attacks, targeting critical infrastructure, corporate networks and government agencies worldwide.

The suspected masterminds behind the attacks

Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, are accused of conspiring to damage protected computers. Ahmed Salah faces additional charges of damaging protected computers.

The duo is believed to have controlled Anonymous Sudan, which since early 2023 has launched attacks on high-profile targets such as ChatGPT, the United Arab Emirates’ Flydubai airline, the London Internet Exchange, Microsoft and Israel’s BAZAN Group.

Anonymous Sudan claims responsibility for DDoS attacks on OpenAI’s ChatGPT (Screenshot source: Hackrad.com)

The group and its customers also used the Distributed Cloud Attack Tool (DCAT) to conduct over 35,000 DDoS attacks. These attacks targeted sensitive government and critical infrastructure in the U.S. and worldwide, including the Department of Justice, Department of Defense, FBI, State Department and Cedars-Sinai Medical Center in Los Angeles.

The attacks, which sometimes lasted for days, reportedly caused extensive damage and often brought down websites and networks. For example, the attack on Cedars-Sinai Medical Center forced the diversion of incoming patients for eight hours; the attacks caused over $10 million in damages to U.S. victims.

The FBI seized Anonymous Sudan’s DDoS tool

DCAT refers to a type of malicious tool or framework that abuses cloud resources in multiple geographical locations to carry out cyberattacks. Such tools leverage the scalability, geographic distribution and on-demand nature of cloud services to build powerful attack infrastructure.

According to the Department of Justice press release, in March 2024, based on court-approved seizure warrants, the U.S. Attorney’s Office and the FBI successfully disabled and seized Anonymous Sudan’s “powerful DDoS tool.” This tool, which the group allegedly used to carry out attacks and sold as a service to other criminals, was the basis of their operations.

The March 2024 operation that crippled the DCAT tool (also known as “Godzilla,” “Skynet,” and “InfraShutdown”) seized key components, including servers that launched and controlled attacks and servers that relayed commands. The warrants also covered accounts that contained the source code for the DDoS tools.

“Anonymous Sudan sought to maximize the devastation and destruction of governments and businesses around the world,” said U.S. Attorney Martin Estrada. He highlighted the group’s callousness and pointed to attacks on hospitals that provide emergency care. “We are committed to protecting our nation’s infrastructure and holding cybercriminals accountable,” he added.

Operation PowerOFF

These measures are part of Operation PowerOFF, an international initiative to dismantle DDoS-for-hire infrastructure that has been active since 2018. Private companies such as Akamai SIRT, Amazon Web Services, Cloudflare and Microsoft have since played key roles in the dismantling.

In its latest blog post shared with Hackread.com, Akamai SIRT thanked the FBI, the Department of Justice and the Big Pipes Working Group for their commitment to prioritizing DDoS investigations and disrupting these operations.

“Akamai would like to thank the members of the Federal Bureau of Investigation (FBI), the DOJ, and the Big Pipes Working Group for their commitment to prioritizing DDoS investigations and for their time and energy to investigate and attempt to resolve these operations to disrupt,” the company said.
