iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Two brothers have been indicted for their involvement in the Anonymous Sudan threat group, best known for launching distributed denial of service (DDoS) on major organisations and government agencies.
Anonymous Sudan has claimed DDoS attacks on the likes of Microsoft, Ao3, PayPal, Reddit, X (formerly Twitter), Wells Fargo, Cloudflare, ChatGPT and OpenAI, League of Legends, Cambridge University, Meta, French government agencies, and more. The group often claimed that its attacks were hacktivist movements and were in response to attacks on Ukraine.
However, it also sold the use of its Distributed Cloud Attack Tool (DCAT) infrastructure to other threat actors, which was responsible for over 35,000 DDoS attacks in a single year, and it was known to support other pro-Russian and anti-Western, anti-Nato and anti-Israel threat groups such as Killnet and UserSec.
The US Department of Justice (DOJ said that since it began garnering attention in January 2023, the group’s attacks caused over US$10 million (almost A$15 million) in damages to US citizens.
In March this year, the US Attorney’s Office and FBI seized and disarmed the groups DCAT, also known as “InfraShutdown”, “Godzilla”, and “Skynet”. The same month, the group claimed a DDoS attack on the US DOJ but provided no proof of the incident. Since then, the group has remained dark.
Now, the DOJ has unsealed charges against 22-year-old Ahmed Salah Yousif Omer and 27-year-old Alaa Salah Yusuuf Omer. Both were charged with one count of conspiracy to damage computers, while Ahmed Salah faced an additional three counts of damaging protected computers.
“It is remarkable that just two individuals, with a relatively small investment of time and resources, were able to create and maintain a DDoS capability potent enough to disrupt major online services and websites,” said CrowdStrike in a blog post by its Counter Adversary Operations team.
“Their success stemmed from a combination of factors: a custom-built attack infrastructure hosted on rented servers with high bandwidth, sophisticated techniques for bypassing DDoS mitigation services, and the ability to quickly identify and exploit vulnerable API endpoints that, when overwhelmed with requests, would render services inoperable and disrupt user access.”
If convicted and arrested, Ahmed Salah is facing potential life in federal prison, while his brother Alaa Salah faces five years.
“Anonymous Sudan sought to maximise havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyber attacks,” said US attorney Martin Estrada.
“This group’s attacks were callous and brazen – the defendants went so far as to attack hospitals providing emergency and urgent care to patients. My office is committed to safeguarding our nation’s infrastructure and the people who use it, and we will hold cyber criminals accountable for the grave harm they cause.”
Kenneth A. DeChellis, DCIS cyber field office, special agent in charge, said: “These charges and the results of this investigation, made possible through law enforcement and private sector partnerships, have an immeasurable impact on the security of networks in the US and of its allies, and demonstrates the resolve of the Defense Criminal Investigative Service (DCIS) to safeguard the Department of Defense from evolving cyber threats.
“Cyber criminals need to understand that if they target America’s warfighters, they will face consequences.”
Be the first to hear the latest developments in the cyber industry.
