Anonymous Sudan Leaders Face Life in Prison for 35,000+ DDoS Attacks
Federal prosecutors in the United States have charged two brothers from Sudan with running one of the most prolific cyberattack-for-hire groups. The men are accused of carrying out more than 35,000 DDoS attacks in a single year, including assaults on a U.S. hospital and major American corporations. If convicted, the brothers could face life imprisonment.
According to the indictment, Ahmed Salah Yousif Omer and Alaa Salah Yousif Omer led the group known as Anonymous Sudan, which since January 2023 has targeted the websites of Microsoft, OpenAI, PayPal, and several other entities. The organization claimed a nationalist motive and sold DDoS attack services for as much as $600. Prosecutors stated that the brothers operated with the assistance of three accomplices.
The group also disabled Israel’s Red Alert warning system on October 7, 2023, following the outbreak of the conflict between Hamas and Israel. On their Telegram channel, which has 80,000 followers, Anonymous Sudan expressed solidarity with the Palestinians.
Ahmed Omer was the principal administrator of Anonymous Sudan, and he is believed to be either 21 or 22 years old. Both brothers are well-educated. Prosecutors confirmed that the suspects were arrested abroad in March and have been in custody since, although details regarding the country of arrest and the possibility of extradition to the U.S. have not been disclosed.
During the investigation, computer equipment and software used in the attacks were seized, and no new assaults from this network have been recorded since the arrests. The group employed sophisticated techniques, including deceptive manipulation of cloud services. By using powerful networks to amplify traffic, they were able to disguise their attacks as legitimate requests, significantly complicating detection.
Prosecutors emphasized that, unlike most DDoS attacks, the actions of Anonymous Sudan posed a threat to human life. The attack on Cedars-Sinai Medical Center in Los Angeles disrupted access to the patient portal, resulting in ambulances being diverted to other hospitals.
The group used attacks on major companies as advertisements for their services in the criminal market. The brothers’ advanced technical skills allowed them to effectively counter efforts to block their operations. Collaboration between private companies and U.S. authorities played a crucial role in the investigation, uncovering the hackers’ connections through GitHub accounts and email.