Sudan Brothers Arrested in ‘AnonSudan’ Downing – Krebs on Security

On Wednesday the US government announced the arrest and indictment of two Sudanese brothers suspected of running Anonymous Sudan (aka AnonSudan), a cybercriminal enterprise known for launching powerful distributed denial-of-service (DDoS) attacks against a variety of targets, including dozens of hospitals, news websites and cloud providers. The younger brother faces charges that could carry a life sentence for allegedly seeking to kill people with his attacks.

Photo: FBI

Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes. But in a criminal complaint, the FBI said the group’s most prominent cyberattacks were in fact part of a commercial DDoS-for-hire service, sold to paying customers for as little as $150 a day (with up to 100 attacks allowed per day) or $700 for a week.

The complaint states that, despite reports that Anonymous Sudan may be Russian state-sponsored actors masquerading as Sudanese criminals with Islamic motives, AnonSudan was led by two brothers in Sudan: Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuf Omer, 27.

AnonSudan claimed credit for successful DDoS attacks on several US companies, including a multi-day outage of Microsoft’s cloud services in June 2023, PayPal the following month, then Twitter/X (Aug. 2023) and OpenAI (Nov. 2023). The complaint, filed in the Central District of California, notes that the two even flooded the websites of the FBI and the Department of State.

Prosecutors said Anonymous Sudan offered a “Limited Internet Blocking Package,” which would allow customers to block Internet service providers in certain countries for $500 (USD) an hour. The two men are also alleged to have extorted some of their victims, demanding money in exchange for calling off DDoS attacks.

The government did not say where the Omer brothers are being held, but they were arrested in March 2024 and have been in custody since then. A statement from the US Department of Justice says the government also took control of AnonSudan’s DDoS infrastructure and servers after the two were arrested in March.

AnonSudan took orders via the instant messaging service Telegram, and marketed its DDoS service under several names, including “Skynet,” “InfraShutdown,” and “Godzilla botnet.” However, the DDoS machine the Omer brothers allegedly built was not assembled from hacked devices, as is common with DDoS botnets.

Instead, the government says Skynet was more like a “distributed cloud attack tool,” with a command and control (C2) server and an array of cloud-based servers that relayed C2 commands to a series of open proxies operated by third parties, which then relayed the DDoS attack traffic to victims.

Amazon was among several companies credited with helping the government in its investigation, and said AnonSudan launched its attacks by renting small armies of servers from hosting companies.

“Where their potential impact becomes greatest is when they gain access to thousands of other machines – often poorly configured web servers – where almost anyone can attack the traffic,” Amazon explained in a blog post. “This additional layer of equipment often hides the true source of the attack on the target.”

The security firm CrowdStrike said the success of AnonSudan’s DDoS attacks was due to a combination of factors, including sophisticated techniques to bypass DDoS mitigation services. AnonSudan also frequently launched so-called “Layer 7” attacks that sought to overwhelm the target’s “API endpoints” (the back-end systems responsible for handling website requests) with bogus requests for data, leaving the target unable to serve legitimate visitors.
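As an added illustration of the Layer 7 pattern CrowdStrike describes (this is not code from the article or from any company it quotes), the following Python sketch counts API requests in constructed web-server log lines per source and per endpoint; because the attack traffic arrives through many third-party proxies, each proxy stays under a per-source threshold and the per-endpoint view is what reveals the flood. The log lines, IP addresses and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (combined log format), not taken from the article:
# eight requests relayed through eight different open proxies hit one API
# endpoint within four seconds, followed by one legitimate page view.
SAMPLE_LOG = """\
198.51.100.1 - - [17/Oct/2024:12:00:01 +0000] "GET /api/v1/search?q=a HTTP/1.1" 200 512
198.51.100.2 - - [17/Oct/2024:12:00:01 +0000] "GET /api/v1/search?q=b HTTP/1.1" 200 512
198.51.100.3 - - [17/Oct/2024:12:00:02 +0000] "GET /api/v1/search?q=c HTTP/1.1" 200 512
198.51.100.4 - - [17/Oct/2024:12:00:02 +0000] "GET /api/v1/search?q=d HTTP/1.1" 200 512
198.51.100.5 - - [17/Oct/2024:12:00:03 +0000] "GET /api/v1/search?q=e HTTP/1.1" 200 512
198.51.100.6 - - [17/Oct/2024:12:00:03 +0000] "GET /api/v1/search?q=f HTTP/1.1" 200 512
198.51.100.7 - - [17/Oct/2024:12:00:04 +0000] "GET /api/v1/search?q=g HTTP/1.1" 200 512
198.51.100.8 - - [17/Oct/2024:12:00:04 +0000] "GET /api/v1/search?q=h HTTP/1.1" 200 512
192.0.2.50 - - [17/Oct/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048
""".splitlines()

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+')

def parse_line(line):
    """Return (ip, datetime, path without query string) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path.split("?", 1)[0]

def detect_api_flood(lines, window_s=10, per_ip_max=5, per_path_max=5, api_prefix="/api/"):
    """Per-source thresholds miss traffic bounced through many proxies (each proxy
    stays quiet), so the per-endpoint count per window is what catches the flood."""
    per_ip = defaultdict(lambda: defaultdict(int))     # ip -> window -> request count
    per_path = defaultdict(lambda: defaultdict(list))  # path -> window -> source ips
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec[2].startswith(api_prefix):
            continue
        ip, when, path = rec
        window = int(when.timestamp()) // window_s
        per_ip[ip][window] += 1
        per_path[path][window].append(ip)
    noisy_ips = sorted(ip for ip, w in per_ip.items() if max(w.values()) > per_ip_max)
    flooded = {}
    for path, windows in per_path.items():
        sources = max(windows.values(), key=len)       # busiest window for this endpoint
        if len(sources) > per_path_max:
            flooded[path] = (len(sources), len(set(sources)))  # (requests, distinct sources)
    return {"noisy_ips": noisy_ips, "flooded_endpoints": flooded}
```

On the constructed sample no single source crosses the per-IP threshold, yet the endpoint view reports 8 requests from 8 distinct sources in one window, which is the signal worth alerting on.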

The Omer brothers were both charged with one count of conspiracy to damage protected computers. The younger brother, Ahmed Salah, has also been charged with three counts of damaging protected computers.

Passport of Ahmed Salah Yousif Omer. Photo: FBI.

If extradited to the United States, tried and convicted, the older brother, Alaa Salah, would face up to five years in prison. But prosecutors say Ahmed Salah could face up to life in prison on charges of assault with intent to kill.

As Hamas fighters breached the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel. At the same time, AnonSudan announced that it was attacking the APIs that power the “red alert” mobile apps widely used in Israel, which warn citizens of incoming rocket attacks.

In February 2024, AnonSudan launched an attack on Cedars-Sinai Hospital in the Los Angeles area; the attack caused incoming paramedics and patients to be temporarily redirected to other hospitals.

The complaint states that in September 2023, AnonSudan launched a week-long DDoS attack against Kenya’s internet infrastructure, knocking offline government services, banks, universities and at least seven hospitals.
