Sudanese Brothers Arrested in AnonSudan Takedown – Krebs on Security

The arrest and charging of two Sudanese brothers accused of running a cybercrime business known as Anonymous Sudan made headlines on Wednesday. The younger brother faces charges that could lead to a life sentence for allegedly attempting to harm individuals through his cyber attacks.

Anonymous Sudan, also known as AnonSudan, has been active since at least January 2023 and has been described as a hacktivist group driven by ideological motives. According to a criminal complaint filed by the FBI, however, the group's high-profile attacks were essentially advertisements for its DDoS-for-hire service, which was offered to paying customers for as little as $150 a day (up to 100 attacks per day) or $700 for a week.

Contrary to reports that Anonymous Sudan was a front for state-sponsored Russian actors posing as Sudanese hackers with an Islamist agenda, the group was led by two brothers in Sudan: Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. AnonSudan claimed responsibility for DDoS attacks on U.S. companies and government agencies including Microsoft, PayPal, Twitter/X, OpenAI, the FBI, and the Department of State.

The brothers allegedly offered a "Limited Internet Shutdown Package" for $500 an hour that let customers disrupt internet services in specific countries. They also extorted money from some victims in exchange for calling off DDoS attacks.

The U.S. Department of Justice stated that the Omer brothers were arrested in March 2024 and have been in custody since then. The government also seized control of AnonSudan’s DDoS infrastructure and servers following their arrest. AnonSudan operated through the instant messaging service Telegram and marketed its DDoS service under various names such as “Skynet,” “InfraShutdown,” and the “Godzilla botnet.”

The DDoS machine the Omer brothers built was a distributed cloud attack tool: a command-and-control server and a fleet of cloud-based servers that relayed its instructions to an array of open proxy resolvers operated by third parties, which in turn sent the attack traffic to the victims. Companies including Amazon assisted the investigation by explaining how AnonSudan launched attacks from servers rented from hosting providers.

CrowdStrike, a security firm, noted that the effectiveness of AnonSudan's DDoS attacks came from techniques for bypassing DDoS mitigation services, in particular application-layer (Layer 7) floods aimed at API endpoints, which blend in with legitimate requests far more easily than raw volumetric floods. The Omer brothers were charged with conspiracy to damage protected computers, with Ahmed Salah facing additional counts of damaging protected computers.
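A defender reading the description above of a command-and-control server driving cloud servers that fan attack traffic out through third-party open proxies, and of Layer 7 floods against API endpoints, will want to see what that traffic looks like at the victim and how to tell it apart from an ordinary single-source flood. The following is an added example, not code from the article, from Krebs, or from the case files: it parses constructed web-server access-log lines (no real AnonSudan traffic) and flags windows in which one API endpoint is hit far above its normal rate by many source IPs that each stay under a naive per-IP limit, which is the pattern a proxy fan-out produces. The thresholds, IP ranges and paths are assumptions chosen for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined access-log format, e.g.
# 10.0.0.7 - - [01/Mar/2024:12:00:00 +0000] "GET /api/v1/search?q=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    # Drop the query string so every variant of /api/v1/search?q=... counts
    # against the same endpoint.
    ev["path"] = ev["path"].split("?", 1)[0]
    return ev


def find_fanout_floods(lines, window=timedelta(seconds=10),
                       endpoint_rps=20.0, per_ip_rps=2.0, min_sources=25):
    """
    Return (endpoint, window_start, total_requests, distinct_ips) for every
    fixed window in which one endpoint is hit above endpoint_rps while no
    single source exceeds per_ip_rps and at least min_sources IPs took part.
    That combination is the signature of a flood fanned out through many
    proxies; a flood from one IP is left to the ordinary per-IP rate limit.
    The thresholds are assumptions and must be tuned per site.
    """
    events = [ev for ev in map(parse_line, lines) if ev]
    events.sort(key=lambda ev: ev["ts"])
    by_path = defaultdict(list)
    for ev in events:
        by_path[ev["path"]].append(ev)

    secs = window.total_seconds()
    alerts = []
    for path, evs in by_path.items():
        start = evs[0]["ts"]
        # window index -> source IP -> request count
        buckets = defaultdict(lambda: defaultdict(int))
        for ev in evs:
            idx = int((ev["ts"] - start) / window)
            buckets[idx][ev["ip"]] += 1
        for idx, per_ip in sorted(buckets.items()):
            total = sum(per_ip.values())
            if total / secs < endpoint_rps:
                continue
            busiest = max(per_ip.values()) / secs
            if busiest <= per_ip_rps and len(per_ip) >= min_sources:
                alerts.append((path, start + idx * window, total, len(per_ip)))
    return alerts


def build_sample_log():
    """Constructed log lines (not real traffic) exercising both cases."""
    t0 = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, path):
        ts = (t0 + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    lines = []
    # 40 proxy IPs, 5 requests each, to an expensive API endpoint: 200 requests
    # per 10 s in total, but only 0.5 req/s from any one source.
    for n in range(40):
        for k in range(5):
            lines.append(line(f"10.0.0.{n + 1}", 2 * k, f"/api/v1/search?q={n}-{k}"))
    # A legitimate user on the same endpoint.
    for k in (1, 3, 5):
        lines.append(line("198.51.100.7", k, "/api/v1/search?q=ok"))
    # A single-source flood: 300 requests per 10 s from one IP, which an
    # ordinary per-IP rate limit already catches.
    for s in range(10):
        for _ in range(30):
            lines.append(line("203.0.113.9", s, "/health"))
    return lines


if __name__ == "__main__":
    for path, start, total, sources in find_fanout_floods(build_sample_log()):
        print(f"fan-out flood on {path} starting {start.isoformat()}: "
              f"{total} requests from {sources} sources")
```

Running the block reports one alert, for /api/v1/search, and none for the single-IP flood on /health. In a real incident the source addresses seen this way are the open proxies, not the operator's cloud servers, so the useful follow-ups are correlating them against open-proxy lists and rate-limiting by endpoint cost rather than by source IP alone.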

If extradited to the United States and convicted, Alaa Salah could face up to five years in prison, while Ahmed Salah could face life imprisonment for launching attacks that threatened people's lives. AnonSudan's attacks have had serious consequences, including disrupting emergency services at Cedars-Sinai Hospital in Los Angeles and knocking out government services, banks, universities, and hospitals in Kenya.
