Federal prosecutors in the United States have charged two Sudanese brothers, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yousif Omer, 27, with operating a distributed denial-of-service (DDoS) botnet that conducted an astonishing 35,000 attacks within a single year. This botnet, utilized by the group known as Anonymous Sudan, targeted critical infrastructure, corporate networks, and government agencies across the globe, including high-profile attacks on Microsoft services in June 2023. The Department of Justice (DoJ) has detailed how the brothers’ powerful DDoS tool was marketed for hire, leading to widespread disruptions and damages.
The brothers face serious charges: Ahmed Salah could receive a maximum sentence of life in federal prison if convicted on all counts, while Alaa Salah faces a maximum of five years. The DDoS tool, which has reportedly been disabled since March 2024, played a key role in facilitating massive cyberattacks that overwhelmed the targets with excessive traffic. U.S. Attorney Martin Estrada described the actions of Anonymous Sudan as “callous and brazen,” emphasizing the danger posed by such attacks to critical services, including hospitals.
Anonymous Sudan has been operating since early 2023 and has claimed to be a hacktivist group, but evidence suggests a more sinister agenda, with the group acting as a mercenary crew. The group engaged in various attacks against organizations in Sweden, the Netherlands, Australia, and Germany, often under the guise of political or religious motivations. They also participated in hacktivist campaigns such as #OpIsrael and demonstrated a willingness to collaborate with other groups like KillNet and Türk Hack Team, further highlighting the network of cybercriminal collaboration.
The investigation and subsequent charges against the Omer brothers are part of Operation PowerOFF, a coordinated effort by international law enforcement agencies to dismantle DDoS-for-hire services worldwide. The operation has resulted in the seizure of key components of the DDoS tool, including servers and source code, in order to disrupt this criminal enterprise. As law enforcement continues to combat cybercrime, the significant rise in DDoS attacks underscores the urgent need for enhanced cybersecurity measures and cooperation among nations to deter such malicious activities.