A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were both charged with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers.
The indictment alleges that since early 2023, the defendants used a Distributed Cloud Attack Tool (DCAT) to conduct destructive DDoS attacks and publicly claim credit for them.
Anonymous Sudan’s DDoS attacks were aimed at sensitive government and critical infrastructure targets within the United States and around the world, including:
- Government Agencies: The Department of Justice, the Department of Defense, the FBI, the State Department, and government websites for the state of Alabama.
- Healthcare: Cedars-Sinai Medical Center in Los Angeles, where the attack caused the emergency department to be shuttered, redirecting incoming patients to other medical facilities for approximately eight hours.
- Technology Platforms: Major U.S. technology platforms, including Microsoft Corp. and Riot Games Inc., and network service providers.
The attacks resulted in reported network outages affecting thousands of customers and caused more than $10 million in damages to U.S. victims.
The Investigation and Disruption
In March 2024, the U.S. Attorney’s Office and FBI seized and disabled Anonymous Sudan’s powerful DDoS tool, known as “Godzilla,” “Skynet,” and “InfraShutdown,” through court-authorized seizure warrants.
The warrants authorized the seizures of computer servers that launched and controlled the DDoS attacks, computer servers that relayed attack commands to a broader network of attack computers, and accounts containing the source code for the DDoS tools used by Anonymous Sudan.
If convicted of all charges, Ahmed Salah would face a statutory maximum sentence of life in federal prison, and Alaa Salah would face a statutory maximum sentence of five years in federal prison.
The FBI’s Anchorage Field Office, the Defense Criminal Investigative Service, and the State Department’s Diplomatic Security Service Computer Investigations and Forensics Division conducted the investigation, with substantial assistance from various private sector entities, including Akamai SIRT, Amazon Web Services, Cloudflare, CrowdStrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, and SpyCloud.
These law enforcement actions were taken as part of Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructure worldwide and holding accountable the administrators and users of these illegal services.
The specific damages reported by the victims of Anonymous Sudan’s attacks were extensive and far-reaching. The attacks resulted in more than $10 million in damages to U.S. victims, with network outages affecting thousands of customers and rendering websites and networks inaccessible or inoperable for several days.
Notably, the attack on Cedars-Sinai Medical Center in Los Angeles forced the emergency department to be shuttered, redirecting incoming patients to other medical facilities for approximately eight hours.
This critical disruption to healthcare services underscores the severity of the attacks and the potential for significant harm to individuals and communities.
The attacks also targeted various government agencies and major tech companies, further highlighting the scope and impact of Anonymous Sudan’s malicious activities.