2 Sudanese brothers charged with running cyberattack-for-hire gang
A federal grand jury unsealed an indictment against two Sudanese brothers Wednesday, charging them with running "Anonymous Sudan," one of the most prolific cyberattack-for-hire gangs of all time and allegedly behind tens of thousands of attacks.
Federal prosecutors accused Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, of carrying out 35,000 denial-of-service attacks against hundreds of organizations in just one year, taking down websites and other networks as part of an ideologically motivated extortion scheme affecting thousands of customers.
According to prosecutors, the pair targeted a long list of high-profile victims worldwide and across the U.S., including Microsoft, ChatGPT, PayPal, X, Yahoo, airports, the Pentagon, the Department of Justice, Alabama's state government, as well as at least one hospital: Cedars-Sinai in the Los Angeles area.
The group held a "Sudanese nationalist ideology," Martin Estrada, the U.S. attorney for the Central District of California, said in a press conference on Wednesday, charging customers $600 or less to launch major attacks.
"Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks," Estrada said. "This group's attacks were callous and brazen — the defendants went so far as to attack hospitals providing emergency and urgent care to patients," he added.
The group also targeted governmental and private organizations in the Netherlands, Bahrain, United Arab Emirates, Chad, Israel and the U.K.
According to federal prosecutors, Ahmed Salah allegedly created the DDoS attack infrastructure of Anonymous Sudan and then posted messages on Telegram taking credit for the attacks. Alaa Salah allegedly provided computer code and programming support.
A grand jury indictment charged the pair with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers.
If convicted of all charges, Ahmed Salah faces a maximum sentence of life in prison related to the attack on Cedars-Sinai hospital, which endangered patients' lives, according to the indictment. Alaa Salah would face a maximum sentence of five years, if convicted.
Estrada said that if found guilty, it would mark the first cybercrime conviction tied to physical harm in the U.S.
Anonymous Sudan's attack on Cedars-Sinai Medical Center in February shuttered emergency services temporarily, causing incoming patients to be redirected to other medical facilities for approximately eight hours.
According to the indictment, Anonymous Sudan operated several Telegram channels, posting "information about their attacks, their DDoS tools and pricing, and their victims," and boasted as many as 80,000 subscribers at one time. The group's operations resulted in more than $10 million in damages to victims in the U.S.
Federal prosecutors allege that since early 2023, the brothers have used the group's Distributed Cloud Attack Tool (DCAT) to conduct devastating and often dayslong DDoS attacks. DDoS attacks — or "distributed denial of service" — barrage websites with traffic, rendering them unusable.
"The FBI's seizure of this powerful DDoS tool successfully disabled the attack platform that caused widespread damage and disruptions to critical infrastructure and networks around the world," said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office, in a statement. "With the FBI's mix of unique authorities, capabilities, and partnerships, there is no limit to our reach when it comes to combating all forms of cybercrime and defending global cybersecurity."
According to Estrada, both brothers were arrested abroad in March and have been in custody since then, though the U.S. attorney declined to name the country holding them or comment on potential extradition.