{"id":34549,"date":"2024-10-16T22:10:34","date_gmt":"2024-10-16T19:10:34","guid":{"rendered":"https:\/\/sudanevents.com\/?p=34549"},"modified":"2024-10-17T02:12:37","modified_gmt":"2024-10-16T23:12:37","slug":"two-sudanese-nationals-indicted-for-alleged-role-in-anonymous-sudan-cyberattacks-on-hospitals-government-facilities-and-other-critical-infrastructure-in-los-angeles-and-around-the-world","status":"publish","type":"post","link":"https:\/\/sudanevents.com\/index.php\/2024\/10\/16\/two-sudanese-nationals-indicted-for-alleged-role-in-anonymous-sudan-cyberattacks-on-hospitals-government-facilities-and-other-critical-infrastructure-in-los-angeles-and-around-the-world\/","title":{"rendered":"Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World"},"content":{"rendered":"<p><strong>Sudan Events &#8211; Agencies<\/strong><\/p>\n<p>A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world.<\/p>\n<p>In March 2024, pursuant to court-authorized seizure warrants, the U.S. Attorney\u2019s Office and FBI seized and disabled Anonymous Sudan\u2019s powerful DDoS tool, which the group allegedly used to perform DDoS attacks, and sold as a service to other criminal actors.<\/p>\n<p>Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were both charged with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers.<\/p>\n<p>\u201cAnonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks,\u201d said United States Attorney Martin Estrada. \u201cThis group\u2019s attacks were callous and brazen\u2014the defendants went so far as to attack hospitals providing emergency and urgent care to patients. My office is committed to safeguarding our nation\u2019s infrastructure and the people who use it, and we will hold cyber criminals accountable for the grave harm they cause.\u201d<\/p>\n<p>\u201cThe FBI\u2019s seizure of this powerful DDoS tool successfully disabled the attack platform that caused widespread damage and disruptions to critical infrastructure and networks around the world,\u201d said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office. \u201cWith the FBI\u2019s mix of unique authorities, capabilities, and partnerships, there is no limit to our reach when it comes to combating all forms of cybercrime and defending global cybersecurity.\u201d<\/p>\n<p>\u201cThese charges and the results of this investigation, made possible through law enforcement and private sector partnerships, have an immeasurable impact on the security of networks in the U.S. and of its allies, and demonstrates the resolve of the Defense Criminal Investigative Service (DCIS) to safeguard the Department of Defense from evolving cyber threats,\u201d said Kenneth A. DeChellis, DCIS Cyber Field Office, Special Agent in Charge. \u201cCybercriminals need to understand that if they target America\u2019s warfighters, they will face consequences.\u201d<\/p>\n<p>According to the indictment and a criminal complaint also unsealed today, since early 2023, the Anonymous Sudan actors and their customers have used the group\u2019s Distributed Cloud Attack Tool (DCAT) to conduct destructive DDoS attacks and publicly claim credit for them. In approximately one year of operation, Anonymous Sudan\u2019s DDoS tool was used to launch over 35,000 DDoS attacks, including at least 70 targeting computers in the greater Los Angeles area.<\/p>\n<p>Victims of the attacks include sensitive government and critical infrastructure targets within the United States and around the world, including the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, and government websites for the state of Alabama. Victims also included major U.S. technology platforms, including Microsoft Corp. and Riot Games Inc., and network service providers. The attacks resulted in reported network outages affecting thousands of customers.<\/p>\n<p>Anonymous Sudan\u2019s DDoS attacks, which at times lasted several days, caused damage to the victims\u2019 websites and networks, often rendering them inaccessible or inoperable, resulting in significant damages. For example, Anonymous Sudan\u2019s DDoS attacks shuttered the emergency department at Cedars-Sinai Medical Center, causing incoming patients to be redirected to other medical facilities for approximately eight hours. Anonymous Sudan\u2019s attacks have caused more than $10 million in damages to U.S. victims.<\/p>\n<p>The March 2024 disruption of Anonymous Sudan\u2019s DCAT tool, called variously \u201cGodzilla,\u201d \u201cSkynet,\u201d and \u201cInfraShutdown,\u201d was accomplished through the court-authorized seizure of its key components. Specifically, the warrants authorized the seizures of computer servers that launched and controlled the DDoS attacks, computer servers that relayed attack commands to a broader network of attack computers, and accounts containing the source code for the DDoS tools used by Anonymous Sudan.<\/p>\n<p>An indictment is merely an allegation, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.<\/p>\n<p>If convicted of all charges, Ahmed Salah would face a statutory maximum sentence of life in federal prison, and Alaa Salah would face a statutory maximum sentence of five years in federal prison.<\/p>\n<p>The investigation of Anonymous Sudan was conducted by the FBI\u2019s Anchorage Field Office, the Defense Criminal Investigative Service, and the State Department\u2019s Diplomatic Security Service Computer Investigations and Forensics Division.<\/p>\n<p>Assistant United States Attorneys Cameron L. Schroeder and Aaron Frumkin of the Cyber and Intellectual Property Crimes Section are prosecuting this case, with substantial assistance from Trial Attorney Greg Nicosia of the National Security Division\u2019s National Security Cyber Section. Assistant United States Attorneys Schroeder and Frumkin, along with Assistant United States Attorney James Dochterman of the Asset Forfeiture Section, also obtained the seizure warrants for computer servers constituting Anonymous Sudan\u2019s DCAT tool.<\/p>\n<p>The DOJ Criminal Division\u2019s Office of International Affairs, the FBI\u2019s International Operations Division and Behavioral Analysis Unit, and the U.S. Attorney\u2019s Office for the District of Alaska aided in this investigation.<\/p>\n<p>These law enforcement actions were taken as part of Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructure worldwide, and holding accountable the administrators and users of these illegal services. Akamai SIRT, Amazon Web Services, Cloudflare, Crowdstrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, SpyCloud and other private sector entities provided assistance in this matter.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sudan Events &#8211; Agencies A federal grand jury indictment unsealed today charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies in the United States and around the world. In March &hellip;<\/p>\n","protected":false},"author":2,"featured_media":34550,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,25],"tags":[],"class_list":["post-34549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-local","category-news-2"],"_links":{"self":[{"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/posts\/34549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/comments?post=34549"}],"version-history":[{"count":1,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/posts\/34549\/revisions"}],"predecessor-version":[{"id":34551,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/posts\/34549\/revisions\/34551"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/media\/34550"}],"wp:attachment":[{"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/media?parent=34549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/categories?post=34549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sudanevents.com\/index.php\/wp-json\/wp\/v2\/tags?post=34549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}