Summary: The U.S. has charged two Sudanese brothers for operating the hacking group Anonymous Sudan, which has conducted over 35,000 DDoS attacks against critical infrastructure, including U.S. government facilities and hospitals. The FBI recently dismantled their main DDoS tool, DCAT, with assistance from major tech companies.
Threat Actor: Anonymous Sudan | Anonymous Sudan
Victim: U.S. Government and Critical Infrastructure | U.S. Government and Critical Infrastructure
Key Point :
- Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer are accused of leading a hacking group that targeted critical U.S. infrastructure.
- The group is known for its ideologically motivated attacks, often aligning with pro-Russia and pro-Hamas sentiments.
- The FBI successfully took down the group’s primary DDoS tool, DCAT, with help from major tech companies like Amazon and Microsoft.
- The brothers were arrested abroad in March, but their extradition to the U.S. remains uncertain.
The U.S. on Wednesday unsealed charges against a pair of Sudanese brothers, alleging they operated a notorious hacking group that targeted U.S. government facilities, hospitals and other critical infrastructure around the world.
Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer are accused of running Anonymous Sudan, which, since last year, has made a name for launching some 35,000 distributed denial of service, or DDoS, attacks that take down victim organizations’ websites by overwhelming them with bot-generated network traffic.
In March, the FBI took down Anonymous Sudan’s flagship DDoS tool, which the group reportedly used for its own attacks and offered as a service to other criminal networks, the Justice Department revealed in its Wednesday announcement. A slew of private sector tech firms including Amazon, CrowdStrike and Microsoft aided in the takeown efforts.
The key components of the tool, known as DCAT, were taken offline, including servers that launched and managed the DDoS attacks, servers that transmitted attack commands and accounts storing the cyberweapon’s source code.
The group, which operated as a robust hacking-for-hire business, was long assumed to have been secretly run by Russian state operatives pretending to be Sudanese. Many nation-state hacking collectives have masqueraded as independent underground entities that claim to side with certain geopolitical causes but run separate from the assumed sovereign nations.
Anonymous Sudan became known for its ideologically motivated cyberattacks that frequently took pro-Russia and pro-Hamas stances. Their cyberattacks struck critical government and infrastructure targets in the U.S., including the Department of Justice, Defense, FBI, State Department, Cedars-Sinai Medical Center in Los Angeles and Alabama state websites.
Major U.S. tech platforms like Microsoft and Riot Games have also been impacted by the group’s digital assaults, leading to network disruptions impacting thousands of customers, Justice said.
The brothers who allegedly ran the operation were arrested abroad in March, the Washington Post first reported. An official declined to tell the Post what nation they’re being held in and whether they’d be extradited to the United States.
“The FBI’s seizure of this powerful DDoS tool successfully disabled the attack platform that caused widespread damage and disruptions to critical infrastructure and networks around the world,” Rebecca Day, an agent at the FBI Anchorage Field Office, said in a statement. “With the FBI’s mix of unique authorities, capabilities, and partnerships, there is no limit to our reach when it comes to combating all forms of cybercrime and defending global cybersecurity.”