The U.S. Department of Justice has recently indicted two Sudanese brothers believed to be the masterminds behind the cybercriminal group known as Anonymous Sudan. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, are facing charges of conspiracy to damage protected computers for their alleged involvement in orchestrating powerful distributed denial-of-service (DDoS) attacks against various entities, including governments, healthcare organizations, and critical infrastructure.
According to the unsealed indictment, Anonymous Sudan, which emerged in 2023, has carried out over 35,000 DDoS attacks targeting hospitals, companies, and government agencies. The group’s activities have caused significant damage, with U.S. victims reporting over $10 million in losses. Among the victims are major technology companies like Microsoft and Riot Games, as well as popular platforms such as Hulu, CNN, and Netflix.
One of the notable incidents outlined in the indictment involved an attack against Cedars-Sinai Medical Center in Los Angeles, attributed to Ahmed Salah Yousif Omer. The DDoS attack disrupted the operation of the hospital’s emergency department, forcing incoming patients to be redirected to other medical facilities for approximately eight hours. The severity of the attack led to accusations of causing serious bodily injury or death, highlighting the potential dangers associated with cybercriminal activities.
Anonymous Sudan utilized the messaging app Telegram to claim responsibility for their actions and communicate with followers. The group’s Telegram channels reportedly amassed up to 80,000 subscribers, underscoring the reach and impact of their operations. However, in a significant blow to the group, authorities managed to seize and disable the Distributed Cloud attack tool used by Anonymous Sudan, cutting off a crucial element of their cyber arsenal.
In response to the threats posed by Anonymous Sudan, cybersecurity firms like CrowdStrike and cloud service providers like AWS collaborated with law enforcement agencies to disrupt the group’s operations. CrowdStrike described the group as having political motivations and seeking attention, while AWS referred to them as “digital mercenaries” offering DDoS attacks for a fee. These partnerships have proven effective in dismantling the infrastructure and leadership of Anonymous Sudan, and the group has been inactive since March.
Going forward, experts anticipate limited retaliatory actions from other hacktivist groups associated with Anonymous Sudan, as well as potential attempts by opportunistic actors to exploit the group’s notoriety. Despite these concerns, the consensus among analysts like Alexander Leslie from Recorded Future is that Anonymous Sudan is effectively disbanded, with the disruption actions by law enforcement crippling the group’s operations and dispersing its members.
In conclusion, the indictment and subsequent actions taken against Anonymous Sudan serve as a reminder of the persistent threats posed by cybercriminal organizations and the importance of coordinated efforts to combat them. The case also highlights the evolving landscape of cybercrime, where small groups can leverage advanced tools and techniques to cause significant disruption and financial losses. Moving forward, continued vigilance and collaboration between law enforcement, cybersecurity firms, and technology providers will be essential in mitigating such threats and ensuring the security of online systems and services.