The US deactivates Anonymous Sudan’s infrastructure in connection with the wave of DDoS attacks

A federal grand jury indictment was unsealed on Wednesday, and officials announced an earlier operation to dismantle Anonymous Sudan, a prolific hacktivist group that has been linked to some of the world’s largest DDoS attacks, including one 2023 attack against Microsoft.

Federal officials have indicted two Sudanese nationals, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, for conspiracy to damage computers. Ahmed Salah was also charged with three counts of damaging protected computers.

In March, the FBI and the U.S. Attorney’s Office, acting on a warrant, disabled and seized a DDoS tool that the group had used to carry out attacks against the U.S. State Department, the Department of Defense, the FBI, Microsoft, Riot Games, Cedars-Sinai Medical Center in Los Angeles and other organizations. The group is also said to have sold the DDoS tool to other threat actors.

“The FBI’s seizure of this powerful attack tool has successfully disabled the attack platform that has caused widespread damage and destruction to critical infrastructure and networks around the world,” Rebecca Day, special agent in charge of the FBI’s Anchorage Field Office, said in a statement. “Thanks to the FBI’s mix of unique agencies, capabilities and partnerships, there is no limit to our reach when it comes to combating all forms of cybercrime and defending global cybersecurity.”

Since early 2023, Anonymous Sudan operators and their customers used a distributed cloud attack tool to launch more than 35,000 attacks around the world, including more than 70 attacks against targets in the Los Angeles area, officials said.

Victims included numerous government agencies, hospitals, network service providers and technology platforms, including Microsoft, Riot Games, Cedars-Sinai Medical Center and government agencies including the U.S. Department of State, the Department of Defense and websites for the state of Alabama and the DOJ.

In June 2023, Microsoft linked Anonymous Sudan to a series of attacks on Azure, OneDrive and Outlook. An attack on Cedars-Sinai in February 2024 forced patients to be diverted to other facilities, the indictment says.

A spokesman for Cedars-Sinai declined to comment, citing the ongoing criminal case.

Numerous private companies were involved in the investigation, including Cloudflare, Akamai SIRT, CrowdStrike, Amazon Web Services, Google, Flashpoint and Microsoft.
