Two Sudanese Brothers Accused of Launching Series of DDoS Attacks
In a significant case of cybercrime, two Sudanese nationals face allegations of instigating a massive number of distributed denial of service (DDoS) attacks globally. The recently unsealed grand jury documents depict a chaotic campaign affecting vital infrastructure and targeting sectors including healthcare, government services, and digital platforms.
The charges against Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer detail their alleged involvement in over 35,000 DDoS assaults on numerous entities. These actions were part of a scheme associated with Anonymous Sudan, a purported hacktivist group, and a for-profit cyberattack service. Despite Anonymous Sudan’s claim to activism, the two allegedly extended their strategy to extortion, demanding payments up to $1,700 monthly from certain entities to halt ongoing attacks.
The indictment extends further, with both facing charges of conspiracy to damage protected computers. Ahmed, in particular, faces additional allegations that carry a potential maximum sentence of life imprisonment. This legal action underscores the gravity with which federal authorities view these cyber threats.
According to court filings, the brothers’ cyber onslaught began in early 2023, utilizing a tool known as the Skynet Botnet. This distributed cloud attack mechanism enabled them to execute and publicly claim numerous destructive DDoS attacks. In a taunting message on a Telegram channel associated with Anonymous Sudan, Ahmed ominously warned of impending attacks on the United States, similar to their operations elsewhere.
The grand jury document identified 145 specific acts targeting countries including the US, European Union, Israel, Sudan, and the United Arab Emirates. These acts disrupted services in airports, software companies, and internet service providers like Cloudflare and Microsoft. Federal agencies and healthcare facilities weren’t spared either; the notorious attack on Cedars-Sinai Hospital in Los Angeles caused significant disruption, diverting patients to other facilities. Such an attack exemplifies why charges against Ahmed carry severe penalties.
In a chilling statement on Telegram, Ahmed alluded to the attack on Cedars-Sinai, expressing satisfaction at the chaos they wrought and drawing parallels to regional conflicts.
Further investigation by the FBI revealed evidence of the brothers selling access to Skynet Botnet. Over 100 customers reportedly purchased these services to target an array of victims, suggesting a highly organized cybercrime operation.
Among the entities affected was Amazon Web Services (AWS), which became a victim in the hacking-for-hire enterprise. Security teams at AWS collaborated closely with FBI cybercrime experts to trace the attacks back to a network of cloud-based servers within the US. This insight confirmed that the attacks were routed through Distributed Cloud Attack Technology (DCAT) rather than a traditional botnet.
An audacious attack in April 2023 saw the group targeting Israel’s missile alert system, Red Alert. This mobile application delivers real-time missile and threat alerts, serving as a critical component of Israel’s civil defense strategy. Ahmed claimed responsibility for these attempted cyber intrusions, which also extended to utilities and even a prominent Israeli news website.
“This group’s attacks were callous and brazen — the defendants went so far as to attack hospitals providing emergency and urgent care to patients,” remarked a US Attorney in a press statement. “My office is committed to safeguarding our nation’s infrastructure and the people who use it, and we will hold cybercriminals accountable for the grave harm they cause.”
The unfolding details of this global cyber assault underline the critical need for robust cybersecurity measures and the concerted effort required from international authorities to combat such threats.