US charges Anonymous Sudan members over global DDoS attacks

October 18, 2024

A federal grand jury has indicted two Sudanese nationals for allegedly operating and controlling the cybercriminal group Anonymous Sudan, responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks on critical infrastructure, government facilities, and hospitals worldwide, including in Los Angeles. The indictment, unsealed this week, names Ahmed Salah Yousif Omer, 22, and his brother Alaa Salah Yusuuf Omer, 27, as key figures behind the group’s DDoS activities.

Anonymous Sudan is accused of causing widespread damage by targeting essential sectors such as healthcare, government agencies, and corporate networks.

The group used a tool known as the Distributed Cloud Attack Tool (DCAT) to launch over 35,000 DDoS attacks between January 2023 and March 2024. These attacks significantly disrupted operations in various regions, including Los Angeles, where healthcare facilities like Cedars-Sinai Medical Center were affected. Patients had to be redirected, and emergency services were compromised.

The DDoS attacks, often lasting several days, rendered websites and networks inoperable, causing extensive outages and millions of dollars in damages. The Department of Justice (DOJ) has estimated that the group’s activities led to more than $10 million in losses to US victims. While Anonymous Sudan has claimed its attacks were politically motivated, authorities believe the group was primarily advertising its DDoS-for-hire services, often falsely presenting itself as a hacktivist collective.

In March 2024, law enforcement successfully disrupted the group’s operations by seizing key components of its DDoS tool, effectively disabling its capabilities. This operation, coordinated through international law enforcement agencies under the initiative Operation PowerOFF, involved partnerships between government and private sector organisations such as Akamai, Amazon Web Services, Cloudflare, and Microsoft. The takedown was described as a significant blow to global DDoS-for-hire infrastructures.

Ahmed Salah faces one count of conspiracy to damage protected computers and three additional charges related to damaging protected computers. If convicted on all counts, he could face life imprisonment, while his brother, Alaa Salah, who was responsible for developing and maintaining the DDoS tool, faces a maximum sentence of five years in prison.

The investigation into Anonymous Sudan was conducted by the FBI’s Anchorage Field Office, the Defense Criminal Investigative Service (DCIS), and the State Department’s Diplomatic Security Service. Although the group claimed to be based in Sudan, early reports linked it to the Russian hacker collective KillNet; the indictment confirms that the key figures behind Anonymous Sudan were indeed operating from Sudan.

Authorities continue to monitor cybercriminal activities under Operation PowerOFF, aiming to dismantle global cybercrime infrastructures and hold the responsible actors accountable.
