Source: www.securityweek.com – Author: Eduard Kovacs
The US Justice Department on Wednesday announced charges against two Sudanese nationals over their alleged roles in the DDoS attacks launched by Anonymous Sudan.
Anonymous Sudan is known for launching highly disruptive DDoS attacks against critical infrastructure, businesses and government organizations around the world. The cybercriminals also offered DDoS attack services to others who wanted to take down websites and online services.
The hacker group has taken credit for cyberattacks on ChatGPT, Associated Press, Microsoft, X, and Telegram, among many others.
Much of the cybersecurity industry believed that Anonymous Sudan was not actually operating out of the African country. Links found to the Russian hacker group KillNet led many to believe that Anonymous Sudan may have been operating out of Russia.
However, it turns out that key members of Anonymous Sudan were in fact from Sudan. The US has unsealed an indictment naming Sudanese nationals Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. The suspects, who are brothers, were charged with one count of conspiracy to damage protected computers, and Ahmed was also charged with three counts of damaging protected computers.
The indictment also mentions three unindicted co-conspirators who were alleged members of Anonymous Sudan. Their identities are known, but they have not been named in court documents.
According to the DoJ, Alaa was responsible for the development of the DDoS attack tool and maintaining its infrastructure, while Ahmed set up and conducted the attacks and handled social media.
While Anonymous Sudan often claimed to be a hacktivist collective, their cyberattacks were not actually politically motivated and instead represented a way of advertising their DDoS attack services.
Authorities said the group’s DDoS attack tool, named Distributed Cloud Attack Tool (DCAT), was used to launch more than 35,000 assaults against organizations around the world between January 2023 and March 2024, including healthcare facilities such as the Cedars-Sinai Medical Center in Los Angeles.
For the attack on Cedars-Sinai, which significantly impacted the healthcare organization’s ability to provide treatment, the indictment accuses Ahmed of “causing and attempting to cause physical injury to any person; causing and attempting to cause a threat to public health or safety; and attempting to cause and knowingly and recklessly causing serious bodily injury or death.”
Anonymous Sudan attacks have caused more than $10 million in damages to US victims, according to the DoJ.
Authorities have not said anything about whether the brothers have been detained, but The Washington Post reported that both suspects were arrested in March 2024. It’s unclear where they are being held and whether the US is seeking their extradition.
If convicted on all charges, Ahmed faces a maximum sentence of life in prison, while Alaa faces up to five years in prison.
In March 2024, the cybercrime group’s DDoS tool was disrupted as part of an operation involving law enforcement agencies and private sector organizations that helped in identifying the providers that hosted the servers powering the attacks.
Companies such as Akamai, AWS and CrowdStrike were involved in the operation targeting Anonymous Sudan, and each company has published a blog post summarizing the group’s activities or their contribution to the takedown.
Original Post URL: https://www.securityweek.com/anonymous-sudan-ddos-service-disrupted-members-charged-by-us/