US Department of Justice (DoJ) two Sudaneses for running Anonymous Sudan Cyberattacks

Paragraph[German]Successful investigation by US prosecutors against the group Anonymous Sudan, which was responsible for numerous DDoS attacks (including on Microsoft, Cloudflare, OpenAI, etc.). Two Sudanese brothers have been charged with operating the group and carrying out numerous DDoS attacks.

Background to Anonymous Sudan

The group first appeared in 2023 – and has been responsible for numerous serious DDoS attacks since then. Here on the blog, I published various articles on incidents that were subsequently attributed to Anonymous Sudan (see links at the end of the article).

Russian hackers were initially suspected in various Microsoft cloud outages in the summer of 2023. Anonymous Sudan later claimed responsibility for the DDoS attacks, which, according to the group's Telegram channel, were politically motivated (pro-Pussian, pro-Palestinian).

Anonymous Sudan on MS Azure Outage

I recall my post Microsoft Azure outage (June 9, 2023); what's going on, where I showed the above post to the group – but Microsoft stated that they were still puzzling over why there were Azure Cloud outages. At that time, there were disruptions to Microsoft services for a whole week.

US judiciary indicts two suspects

Wednesday, October 16, 2024, the US Department of Justice (DOJ) announced a success against Anonymous Sudan. In an indictment, two Sudanese nationals (two brothers) are accused of operating and controlling the group Anonymous Sudan.

The indictment accuses the brothers of being a cybercriminal online group responsible for tens of thousands of distributed denial of service (DDoS) attacks against critical infrastructure, corporate networks and government agencies in the United States and around the world. The brothers are believed to be responsible for over 35,000 DDoS attacks per year.

Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were both charged with conspiracy to damage protected computers in the United States. Ahmed Salah is also charged with three counts of damaging protected computers.

It is currently unclear whether the two defendants will ever be imprisoned following a conviction in US courts (until then, of course, the presumption of innocence applies). If convicted on all charges, Ahmed Salah faces a statutory maximum sentence of life imprisonment and Alaa Salah faces a statutory maximum sentence of five years in a US federal prison.

Broad investigation and seizure

According to the US Department of Justice, the US Attorney's Office and the FBI were able to strike on the basis of court-approved seizure orders in March 2024. At that time, the powerful infrastructure (DDoS tool – specifically referred to in the indictment as the "Distributed Cloud Attack Tool (DCAT) ") was seized and deactivated. According to the indictment, these tools were used by Anonymous Sudan to carry out DDoS attacks and were also sold as a service to other criminal actors.

Anonymous Sudan's DCAT tool, also referred to as "Godzilla", "Skynet" and "InfraShutdown", was shut down through the court-authorized seizure of its key components. The servers used to carry out and control the DDoS attacks were seized. Investigators also gained access to the computers that relayed the commands to the wide network of attack computers, as well as to the accounts containing the source code for the DDoS tools used by Anonymous Sudan.

The investigation into Anonymous Sudan was conducted by the FBI Anchorage Field Office, the Defense Criminal Investigative Service, and the Diplomatic Security Service Computer Investigations and Forensics Division of the Department of State. Akamai SIRT, Amazon Web Services, Cloudflare, Crowdstrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, SpyCloud and other private sector companies have assisted in the matter, it said.

"Anonymous Sudan has attempted to cause harm and destruction against governments and businesses around the world with tens of thousands of cyberattacks," United States Attorney Martin Estrada is quoted as saying. "This group's attacks were callous and brazen – defendants even went so far as to attack hospitals that provide emergency and critical care to patients. … we will hold cybercriminals accountable for the serious harm they do."

The FBI is confident that the seizure of this powerful DDoS tool has successfully shut down the attack platform that has caused widespread damage and disruption to critical infrastructure and networks around the world.

The unmasking of those behind the attack, which led to the indictment, was arguably accomplished through cooperation between U.S. law enforcement and the private sector. It often appears in such operations that "the head of the Medusa has been cut off, but a new group immediately emerges". However, the successes show that cyber criminals can never be sure that they will not be exposed and convicted or held accountable for their actions. (via)

Similar articles
Exchange Online down for hours (June 5, 2023)
Outlook.com and OneDrive down – consequence of cyber attacks? (June 8, 2023)
Microsoft Azure outage (June 9, 2023); what's going on?
Microsoft's cloud outage was result of a DDoS attack
Cloud outages: Microsoft reveals details of DDoS attack by Anonymous Sudan/Storm-1359
Anonymous Sudan: Microsoft denies data leak of 30 million customer accounts

This entry was posted in Cloud, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *