Newly unsealed grand jury documents reveal that two Sudanese nationals attempted to launch thousands of distributed denial-of-service (DDoS) attacks on systems around the world. The documents claim that these hackers aimed to cause serious financial and technical damage to government agencies and companies, and in some cases, even physical damage.
The U.S. Department of Justice (DoJ) announced charges resulting in federal grand jury indictments against Ahmed Salah Yousif Omer and Alaa Salah Yusuf Omer. The two are allegedly linked to more than 35,000 DDoS attacks against hundreds of organizations, websites and networks as part of a “hacktivism” scheme tied to the Anonymous Sudan cybercrime group and for-profit cyberattack service.
Although Anonymous Sudan claims to be a Sudanese activist group, the pair have also retained some companies and enterprise systems for rates as high as $1,700 per month.
Both face indictments for their roles in coordinated cyberattacks, including conspiracy to harm protected computers. According to court documents filed last June in the U.S. District Court for the Central District of California, Ahmed also faces three additional counts of damaging protected computers and could face the statutory maximum sentence of life in federal prison.
The brothers' activity dates to the beginning of 2023. According to the DoJ’s statement, the two used a distributed cloud attack tool (DCAT) known as the “Skynet Botnet” to “perform devastating DDoS attacks and publicly claim credit for them.” Ahmed shared this message on Anonymous Sudan’s Telegram channel: “The US should be ready, this will be a huge attack, just like what we did in Israel, and we will do it ‘soon’ in the US as well.”
One of the indictments listed 145 “overt actions” against organizations and institutions in the United States, the European Union, Israel, Sudan and the United Arab Emirates (UAE). Skynet Botnet attacks attempted to disrupt services and networks at airports, software networks, and companies such as Cloudflare, X, PayPal, and Microsoft last June. Attacks also targeted state and federal government agencies and websites, including the Federal Bureau of Investigation (FBI), the Pentagon and the Department of Justice. One major attack hit Cedars-Sinai Hospital in Los Angeles, slowing health care services for patients, who were sent to other hospitals. The attack on the hospital led to hacking charges against Ahmed that carry a potential life sentence.
“3 hours+ and they’re still on hold,” Ahmed wrote on Telegram in February, “trying to fix it but to no avail, we closed our hospitals too, eye to eye…”
FBI special agents, working with investigators from Cloudflare, CrowdStrike, DigitalOcean, Google, PayPal and others, collected evidence of the pair’s illegal activities, including logs showing they sold access to the Skynet Botnet to more than 100 customers to carry out attacks against various victims.
According to court records, Amazon Web Services (AWS) was one of the victims of Anonymous Sudan’s hacking-for-hire scheme. AWS security teams worked with FBI cybercrime investigators and discovered that the attacks came from “a number of cloud-based servers, many of which are hosted at a US server hosting provider.” The discovery helped the FBI determine that the Skynet Botnet was a DCAT rather than a botnet, one that delivered DDoS traffic to its victims through cloud-based servers and open proxy resolvers.
Perhaps the group’s most brazen and dangerous attack came in April 2023 against Israel’s Red Alert missile warning system. The mobile app provides real-time updates on missile attacks and security threats. The DDoS attacks attempted to infiltrate some of Red Alert’s Internet domains. Ahmed claimed responsibility on Telegram for the Red Alert attacks, along with similar DDoS attacks on Israeli utilities and The Jerusalem Post news site.
“The attacks by this group were brazen and brazen — the defendants went so far as to attack hospitals that provide urgent and emergency care to patients,” said U.S. Attorney Martin Estrada. “My office is committed to protecting our nation’s infrastructure and the people who use it, and we will hold cybercriminals accountable for the severe damage they cause.”