The U.S. Department of Justice (DoJ) has unveiled charges against two Sudanese brothers, Ahmed and Alaa Omer, linked to the hacktivist group Anonymous Sudan. The accused allegedly orchestrated over 35,000 distributed denial-of-service (DDoS) attacks against hundreds of targets.
“We declare cyber war on the United States,” Ahmed Omer wrote in the Anonymous Sudan Telegram channel in April 2023. The DoJ claims that these actions were not only ideologically driven but also intended to cause physical harm—a rare charge associated with cybercrimes.
Among the targets are Microsoft's Azure services, OpenAI’s ChatGPT, and several global airlines. Particularly troubling is their attack on medical institutions such as Cedars-Sinai Health Systems in Los Angeles, which resulted in significant service disruptions and patient diversions.
“Bomb our hospitals in Gaza, we shut down yours too, eye for eye,” Ahmed Omer allegedly wrote on Telegram at the time of the attack. The document also says the hackers used cyberattacks to disrupt Israel's Tzeva Adom or “Code Red” missile alert app.
The group also advertised access to its DDoS infrastructure, known as Godzilla or Skynet, for sale at $2,500 a month.
Traditionally seen as mere disruptions, DDoS attacks can escalate to life-threatening levels, especially when healthcare services are targeted.
Martin Estrada, the US attorney involved, emphasized the extremist ideology driving these cyberattacks, which were also used as a tool for extortion and profit through a cyberattack-for-hire model.
Anonymous Sudan also targeted hospitals in the US, Denmark, Sweden, and India. The charges against the Omer brothers may establish a precedent for how DDoS attacks are prosecuted, particularly when they lead to potential loss of life.
This case highlights the grave risks associated with cyberattacks on critical infrastructure, including healthcare facilities. Recently, Indian insurance company Star Health acknowledged being hit by a cyberattack in July, and a threat actor announced that it was selling the breached data on a popular hacker forum, offering free samples via Telegram.