Anonymous Sudan isn't any more: Two alleged operators named, charged
Gang said to have developed its evilware on GitHub – then DDoSed GitHub
Hacktivist gang Anonymous Sudan appears to have lost its anonymity after the US Attorney's Office on Wednesday unsealed an indictment identifying two of its alleged operators.
The indictment [PDF] named Sudanese nationals Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer as members of Anonymous Sudan. An accompanying announcement accused the pair of "operating and controlling Anonymous Sudan, an online cyber criminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world."
Both were charged with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers.
Those charges stem from incidents in the US that saw attacks on the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, Microsoft, and Riot Games.
Anonymous Sudan is also thought to have attacked OpenAI, the government of France, and Israeli organizations.
The group is believed to have ties to Russia.
The announcement revealed that the US Attorney's Office had already degraded the crew's capabilities by working with the FBI to seize and disable its Distributed Cloud Attack Tool (DCAT), which the group is alleged to have used for its own DDoS attacks. It's further claimed that Anonymous Sudan offered DCAT as a service to other criminal actors.
The indictment detailed how the accused chatted with clients and prospects on Telegram channels – sending messages such as "I am carrying out an organized attack on the United States. We can target the airport."
After that threat, messages were exchanged that reported on data gathered by internet resource availability monitoring service check-host.net, which was taken as proof that DDoS attacks succeeded.
The indictment also alleges that the crew built an API to its wares and developed code using GitHub – and also launched a DDoS against GitHub in January 2024.
Rebecca Day of the FBI Anchorage Field Office, the special agent in charge of the matter, said "With the FBI's mix of unique authorities, capabilities, and partnerships, there is no limit to our reach when it comes to combating all forms of cyber crime and defending global cyber security."
Per the Washington Post, the two accused were arrested in March but it is not known in which country they were cuffed, nor if extradition has been effected or is possible.
Maybe the FBI does have limits, after all. ®