Date: 2024-10-17

The U.S. Department of Justice indicted two Sudanese brothers allegedly behind Anonymous Sudan, a cybercriminal group known for conducting powerful DDoS attacks against governments, healthcare organizations and critical infrastructure.

On Wednesday, the DOJ unsealed the indictment against 22-year-old Ahmed Salah Yousif Omer and 27-year-old Alaa Salah Yusuuf Omer, which included charges of conspiracy to damage protected computers. The brothers are accused of running Anonymous Sudan, a cybercriminal group the DOJ says is responsible for "tens of thousands" of DDoS attacks against hospitals, companies and government agencies, including the DOJ and FBI.

The DOJ said Anonymous Sudan has launched more than 35,000 DDoS attacks since emerging in 2023. However, in March, authorities seized and disabled the Distributed Cloud attack tool the group used for attacks and allegedly sold as a service to other cybercriminals.

Anonymous Sudan's victims span sectors from critical infrastructure and government to major U.S. technology companies like Microsoft and Riot Games. Additional victim organizations include Hulu, CNN and Netflix.

"Anonymous Sudan's DDoS attacks, which at times lasted several days, caused damage to the victims' websites and networks, often rendering them inaccessible or inoperable, resulting in significant damages," DOJ wrote in the press release. "For example, Anonymous Sudan's DDoS attacks shuttered the emergency department at Cedars-Sinai Medical Center, causing incoming patients to be redirected to other medical facilities for approximately eight hours. Anonymous Sudan's attacks have caused more than $10 million in damages to U.S. victims."

The unsealed indictment expanded on the attack against L.A.-based Cedars-Sinai and attributed it to Ahmed Salah Yousif Omer. The indictment stated it affected patient medical examination, diagnosis, treatment and care. It accused Omer of "attempting to cause and knowingly and recklessly causing serious bodily injury or death."

Anonymous Sudan used Telegram, a cloud-based messaging and social media app, to publicly claim responsibility. The DOJ found a Telegram message where Omer allegedly claimed responsibility for any damage to Cedars-Sinai as well as "collateral damage."

Anonymous Sudan frequently used Telegram to post information on attacks as well as their DDoS tools and pricing. The DOJ said some of the group's Telegram channels grew to include as many as 80,000 subscribers.

Telegram's founder and CEO Pavel Durov was recently arrested in France for allegedly facilitating cybercrime activities on the platform. The charges allege the platform was used for an array of illicit activities, including drug trafficking, money laundering, and the sale of malware and stolen data. Many cybercriminal groups use Telegram to promote their attacks, sell tools and services, and boost their reputations.

If convicted, Ahmed Salah faces a maximum life sentence and Alaa Salah faces a maximum five-year sentence.