Two Sudanese nationals have been indicted for allegedly leading Anonymous Sudan, a cybercriminal group responsible for over 35,000 Distributed Denial of Service (DDoS) attacks targeting critical infrastructure worldwide. The attacks affected hospitals, government facilities, and corporate networks, including in the United States, and caused over $10 million in damages. Key targets included Cedars-Sinai Medical Center, Microsoft, and the U.S. Department of Defense.

Global sabotage: The U.S. Department of Justice unsealed the indictment, which accuses Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, of conspiring to damage protected computers. The group’s DDoS tool, known as DCAT, was seized in March 2024 through coordinated efforts by the FBI and other law enforcement agencies. The group allegedly offered their DDoS service for sale to other criminals, exacerbating the damage globally.

Disruptions impact: Anonymous Sudan’s attacks were particularly disruptive, including one incident where Cedars-Sinai’s emergency services were incapacitated for eight hours. The group’s activity is linked to widespread network outages and significant operational disruptions across sectors, with hospitals and tech companies among those most impacted.

This action is part of the broader Operation PowerOFF, a multinational effort aimed at dismantling illegal DDoS-for-hire services. If convicted, Ahmed Salah could face life imprisonment, while Alaa Salah faces up to five years. Law enforcement hailed the seizure of the DDoS tool as a significant victory for global cybersecurity.