The U.S. Justice Department on Wednesday indicted two Sudanese nationals accused of running the “Anonymous Sudan” hacking group that launched tens of thousands of distributed denial-of-service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.
Federal prosecutors unsealed indictments against two brothers, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27.
Both were charged with one count of conspiracy to damage protected computers, and Ahmed Salah was also charged with three additional counts of damaging protected computers.
In the indictment, Ahmed Salah is accused of setting up Anonymous Sudan’s DDoS attack infrastructure and posting messages on Telegram claiming credit for the attacks.
“The United States must be prepared, it will be a very big attack, like what we did in Israel, we will do in the United States ‘soon’,” read the Telegram channel of Anonymous Sudan.
Federal prosecutors said that Alaa Salah, for his part, allegedly offered computer code and programming support.
According to the indictment and a criminal complaint unsealed on Wednesday, the hacking group’s DDoS attack tool, Distributed Cloud Attack Tool (DCAT), also known as “Skynet Botnet,” “InfraShutdown,” and “Godzilla Botnet,” was used to conduct more than 35,000 destructive DDoS attacks against organizations around the world between January 2023 and March 2024.
The targets included at least 70 computers in the greater Los Angeles area.
The attacks also targeted Swedish and Danish organizations and critical infrastructure under the tags #OpSweden and #OpDenmark, as well as high-profile victims including Microsoft, X, the U.S. State Department, the Department of Defense, the FBI, the Pentagon, Alabama’s state government, and Cedars-Sinai Medical Center in Los Angeles.
Attacks by Anonymous Sudan caused more than $10 million in damages to U.S. victims. In March 2024, the U.S. Attorney’s Office and FBI seized and disabled Anonymous Sudan’s “powerful DDoS tool,” which the hacking group allegedly used to perform DDoS attacks and sold as a service to other criminal actors.
“Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks. This group’s attacks were callous and brazen—the defendants went so far as to attack hospitals providing emergency and urgent care to patients. My office is committed to safeguarding our nation’s infrastructure and the people who use it, and we will hold cyber criminals accountable for the grave harm they cause,” said United States Attorney Martin Estrada.
“The FBI’s seizure of this powerful DDoS tool successfully disabled the attack platform that caused widespread damage and disruptions to critical infrastructure and networks around the world. With the FBI’s mix of unique authorities, capabilities, and partnerships, there is no limit to our reach when it comes to combating all forms of cybercrime and defending global cybersecurity,” said Rebecca Day, Special Agent in Charge of the FBI Anchorage Field Office.
Both brothers were arrested abroad in March and have remained in custody ever since. If convicted of all charges, Ahmed Salah could be sentenced to life in federal prison, while Alaa Salah could receive a statutory maximum sentence of life in federal prison.