In the United States, two brothers from Sudan (Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27) have been charged with running the hacker group Anonymous Sudan, which has been carrying out DDoS attacks, including for hire, since 2023. Earlier, in March, American law enforcement agencies carried out an operation against the group and, having obtained court orders, seized part of the infrastructure it used: servers for managing attacks and for relaying commands to the computers involved in them, and GitHub accounts holding the source code of the group's DDoS tools. The main tool that the group and its clients used for attacks was called Distributed Cloud Attack Tool (DCAT), and the names Godzilla, Skynet, and InfraShutdown were also used.

“The attacks targeted sensitive government targets and critical infrastructure in the United States and around the world, including the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, and Alabama government websites. Major U.S. technology platforms, including Microsoft Corp. and Riot Games Inc., and network service providers were also targeted. The attacks resulted in network outages affecting thousands of customers.

Anonymous Sudan’s DDoS attacks, sometimes lasting for days, crippled victims’ websites and networks, often rendering them inaccessible or inoperable, causing significant damage. For example, Anonymous Sudan’s DDoS attacks shut down the emergency room at Cedars-Sinai Medical Center, diverting incoming patients to other medical facilities for approximately eight hours. Anonymous Sudan’s attacks caused more than $10 million in damages to U.S. victims.”

In 2023, Anonymous Sudan made its mark in many places, for example, by participating in pro-Palestinian attacks on Israel and repeatedly disrupting ChatGPT.

Among American researchers, there was a widespread opinion that Anonymous Sudan was actually connected to Russia. The reason for this was the group's cooperation with the pro-Russian Killnet since its inception.

I believed that the group had nothing to do with Sudan, took the name only as a distraction, and was engaged in politically motivated attacks for self-promotion. In February of this year, Anonymous Sudan began openly offering a DDoS-for-hire service under the InfraShutdown brand (in March, the group reported carrying out a contract attack on the telecom operator Telecom Armenia).

However, according to the American authorities, the group was in fact controlled by Sudanese nationals. As the Washington Post clarifies, the administrator brothers were arrested in March and are still in the hands of law enforcement agencies, but it is unknown where exactly they are held and whether they will be extradited to the United States.

Finally, the Justice Department's press release states that the actions against Anonymous Sudan are part of a large-scale operation called Operation PowerOFF, directed against DDoS-for-hire services. In addition, many private companies helped law enforcement agencies in the operation: Akamai SIRT, Amazon Web Services, Cloudflare, Crowdstrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, SpyCloud and others. According to the Washington Post, the group's GitHub accounts were found by the informal Big Pipes community, which tracks down DDoS-for-hire services.

Sources:

https://www.crowdstrike.com/en-us/blog/a...indictment

https://www.aboutamazon.com/news/aws/ama...ersecurity

https://www.washingtonpost.com/technolog...tack-gang/

t.me/netblocks/832

https://www.justice.gov/usao-cdca/pr/two...-hospitals

justice.gov/usao-cdca/media/1373581/dl?inline