
Two Sudanese brothers are accused of launching a dangerous series of DDoS attacks

Recently unsealed grand jury documents revealed that two Sudanese nationals allegedly attempted to launch thousands of distributed denial of service (DDoS) attacks on systems around the world. The documents allege that these attacks were aimed at causing serious financial and technical harm, and in some cases even physical harm, to government entities and companies.

The U.S. Department of Justice (DoJ) unsealed the federal grand jury indictment against Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer. The two are allegedly linked to more than 35,000 DDoS attacks against hundreds of organizations, websites and networks, carried out as part of a “hacktivism” program run by the cybercrime group Anonymous Sudan and through a for-profit cyberattack service.

Although Anonymous Sudan claimed to be an activist group, the two also captured the systems of some companies and organizations to extort ransoms of up to $1,700 per month.

Both face charges for their roles in the coordinated cyberattacks, including one count each of conspiracy to damage protected computers. Ahmed also faces three additional counts of damaging protected computers and could receive a statutory maximum sentence of life in federal prison, according to court documents filed last June in the U.S. District Court for the Central District of California.

The brothers’ activities date back to early 2023. The two used a distributed cloud attack tool (DCAT) dubbed the “Skynet botnet” to “conduct and publicly boast about destructive DDoS attacks,” according to a statement from the US Department of Justice. Ahmed posted a message on Anonymous Sudan’s Telegram channel: “The United States must be prepared, it will be a very big attack, just like we did in Israel, we will do it ‘soon’ in the United States.”

One of the indictments listed 145 “overt acts” against organizations in the United States, the European Union, Israel, Sudan and the United Arab Emirates (UAE). The Skynet botnet attacks in June last year attempted to disrupt services and networks at airports, software networks and companies such as Cloudflare, X, PayPal and Microsoft. The attacks also targeted state and federal government agencies and websites, including the Federal Bureau of Investigation (FBI), the Pentagon and the DOJ, and even hospitals, including a major attack on Cedars-Sinai Hospital in Los Angeles that resulted in a slowdown in health care for patients, who were diverted to other hospitals. The attack on the hospital led to hacking charges against Ahmed, which carry a possible life sentence.

“More than three hours and it is still holding,” Ahmed wrote on Telegram in February, “they are desperately trying to fix the problem but to no avail. Bombings on our hospitals in Gaza, we closed yours too, an eye for an eye…”

FBI special agents collected evidence of the brothers’ illegal activities, including logs showing that they sold access to the Skynet botnet to more than 100 customers to carry out attacks against various victims. Investigators collaborated with companies such as Cloudflare, CrowdStrike, DigitalOcean, Google, PayPal and others.

According to court documents, Amazon Web Services (AWS) was one of Anonymous Sudan’s victims in the hacking-for-hire scheme. AWS security teams worked with FBI cybercrime investigators. The security teams determined that the attacks originated from “a number of cloud-based servers, many of which were hosted by a US server hosting provider.” The discovery helped the FBI determine that the Skynet botnet attacks originated from a DCAT rather than a conventional botnet, and that the tool relayed the DDoS attacks to its victims through cloud-based servers and open proxy resolvers.

Perhaps the group’s most brazen and dangerous attack occurred in April 2023 and targeted Israel’s missile warning system, called Red Alert. The mobile app provides real-time updates on missile attacks and security threats. The DDoS attacks attempted to disrupt some Red Alert internet domains. Ahmed claimed responsibility for the Red Alert attacks on Telegram, as well as for similar DDoS attacks on Israeli utilities and The Jerusalem Post news website.

“This group’s attacks were callous and brazen – the defendants even went so far as to attack hospitals that provide urgent care to patients,” U.S. Attorney Martin Estrada said in a released statement. “My office is committed to protecting our nation’s infrastructure and the people who use it, and we will hold cybercriminals accountable for the serious harm they cause.”