
Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World

October 17, 2024

“LOS ANGELES – A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.”

“In March 2024, pursuant to court-authorized seizure warrants, the U.S. Attorney’s Office and FBI seized and disabled Anonymous Sudan’s powerful DDoS tool, which the group allegedly used to perform DDoS attacks, and sold as a service to other criminal actors.”

“Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were both charged with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers.”

“According to the indictment and a criminal complaint also unsealed today, since early 2023, the Anonymous Sudan actors and their customers have used the group’s Distributed Cloud Attack Tool (DCAT) to conduct destructive DDoS attacks and publicly claim credit for them. In approximately one year of operation, Anonymous Sudan’s DDoS tool was used to launch over 35,000 DDoS attacks, including at least 70 targeting computers in the greater Los Angeles area.”

“Victims of the attacks include sensitive government and critical infrastructure targets within the United States and around the world, including the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, and government websites for the state of Alabama. Victims also included major U.S. technology platforms, including Microsoft Corp. and Riot Games Inc., and network service providers. The attacks resulted in reported network outages affecting thousands of customers.”

“Anonymous Sudan’s DDoS attacks, which at times lasted several days, caused damage to the victims’ websites and networks, often rendering them inaccessible or inoperable, resulting in significant damages. For example, Anonymous Sudan’s DDoS attacks shuttered the emergency department at Cedars-Sinai Medical Center, causing incoming patients to be redirected to other medical facilities for approximately eight hours. Anonymous Sudan’s attacks have caused more than $10 million in damages to U.S. victims.”

“The March 2024 disruption of Anonymous Sudan’s DCAT tool, called variously ‘Godzilla,’ ‘Skynet,’ and ‘InfraShutdown,’ was accomplished through the court-authorized seizure of its key components. Specifically, the warrants authorized the seizures of computer servers that launched and controlled the DDoS attacks, computer servers that relayed attack commands to a broader network of attack computers, and accounts containing the source code for the DDoS tools used by Anonymous Sudan.”

“If convicted of all charges, Ahmed Salah would face a statutory maximum sentence of life in federal prison, and Alaa Salah would face a statutory maximum sentence of five years in federal prison.”

“These law enforcement actions were taken as part of Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructure worldwide, and holding accountable the administrators and users of these illegal services. Akamai SIRT, Amazon Web Services, Cloudflare, Crowdstrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, SpyCloud and other private sector entities provided assistance in this matter.” (Source: US Department of Justice)
