U.S. federal prosecutors have charged two brothers from Sudan with operating a distributed denial-of-service (DDoS) botnet for hire that carried out an unparalleled 35,000 DDoS campaigns in a single year, including those that targeted Microsoft’s platforms in June 2023.
The attacks, enabled by Anonymous Sudan’s “powerful DDoS instrument,” targeted critical infrastructure, corporate networks, and government agencies in the United States and around the world, according to the U.S. Department of Justice (DoJ).
Ahmed Salah Yousif Omer, aged 22, and Alaa Salah Yusuuf Omer, aged 27, have been charged with one count of conspiracy to damage protected computers. Ahmed Salah is additionally charged with three counts of damaging protected computers.
If convicted on all charges, Ahmed Salah faces a maximum sentence of life in federal prison, while Alaa Salah faces a maximum prison sentence of five years. The DDoS tool was reportedly disabled in March 2024, the same month the pair were arrested in an undisclosed country.
“Anonymous Sudan aimed to escalate chaos and wreckage against governments and enterprises globally by carrying out tens of thousands of cyberattacks,” stated U.S. attorney Martin Estrada.
“The attacks by this group were cold-blooded and bold—the accused went to the extent of targeting hospitals that deliver emergency and immediate care to patients.”
Tracked by Microsoft as Storm-1359, Anonymous Sudan surfaced at the beginning of 2023, coordinating attacks on Swedish, Dutch, Australian, and German entities. Although the group presented itself as a hacktivist collective, the charges reveal that this was a facade for its real nature as a cyber mercenary group.
“Following an initial involvement in a brief pro-Russian hacktivist operation, Anonymous Sudan carried out a series of DDoS strikes imbued with apparent religious and Sudanese nationalist motivations, inclusive of campaigns against Australian and Northern European entities,” CrowdStrike said.
“The outfit also actively engaged in the annual #OpIsrael hacktivist operation. Throughout these initiatives, Anonymous Sudan showed eagerness to collaborate with fellow hacktivist factions like KillNet, SiegedSec, and Türk Hack Team.”
Official documents indicate that Anonymous Sudan operators and their customers used the group’s Distributed Cloud Attack Tool (DCAT) to carry out numerous destructive DDoS attacks and publicly claim responsibility for them, causing more than $10 million in damages to U.S. victims alone.
According to Amazon Web Services (AWS), the DDoS service was sold to prospective customers for $100 per day, $600 per week, and $1,700 per month. The service purportedly allowed up to 100 attacks per day.
The DCAT tool, sold in the criminal underground under names such as Godzilla, Skynet, and InfraShutdown, has been dismantled through a court-authorized seizure of its key components: servers used to launch the DDoS attacks, servers that relayed attack commands to a broader network of attack machines, and accounts holding the source code for the DDoS tools used by the group.
“These law enforcement activities were implemented as part of Operation PowerOFF, an ongoing, well-coordinated endeavor among international law enforcement organizations aimed at disbanding criminal DDoS-for-hire infrastructures worldwide, and prosecuting the overseers and patrons of these illicit services,” the DoJ mentioned.
The development comes as Finnish Customs (aka Tulli) disrupted the Sipulitie darknet marketplace, a successor to Sipulimarket (which was shut down by law enforcement in 2020) that specialized in the narcotics trade and had been operating on the dark web since 2023.
“The Finnish and English website was exploited for criminal operations, like trading drugs under the guise of anonymity,” Tulli said. “The web admin acknowledged in public forums that Sipulitie’s revenue amounted to 1.3 million euros.”
Additionally, Brazil’s Federal Police Department (DPF) reported the arrest of a hacker involved in numerous cyber attacks that breached its own systems and those of other international organizations.
Codenamed Operation Data Breach, the effort involved executing a search and seizure warrant and a preventive arrest warrant against the suspect in Belo Horizonte, on accusations of leaking sensitive information belonging to 80,000 members of InfraGard, a partnership between the U.S. government and critical infrastructure sectors.
The individual, who was not named but is known by the aliases USDoD and EquationCorp, is also accused of selling Federal Police data on two occasions, on May 22, 2020, and February 22, 2022, and of leaking data from Airbus and the U.S. Environmental Protection Agency (EPA).


