FBI unmasks anonymous Sudan hacking group: two Sudanese brothers charged
The U.S. Department of Justice has charged two Sudanese brothers with leading Anonymous Sudan, a hacker group responsible for a string of damaging cyberattacks targeting hospitals, government offices, and major corporations. The indictment, unsealed Wednesday, provides the clearest picture yet of the individuals behind the notorious hacking group, which has launched over 35,000 attacks in the past year.
The two brothers, identified as Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer, have been charged with one count of conspiracy to damage protected computers, while Ahmed Omer faces three additional counts of damaging protected computers. The FBI, in collaboration with the U.S. Attorney's Office for the Central District of California, also seized the group's hacking tool.
According to federal prosecutors, the younger brother, Ahmed Salah (22), allegedly built the group's DDoS attack infrastructure and was also responsible for posting messages on Telegram. His older brother (27) allegedly worked on the computer code and provided programming support.
Details of arrest
According to federal officials, the brothers were arrested abroad in March, as first reported by The Washington Post. However, authorities have refused to reveal in which country the brothers are being held.
Private sector collaboration was key in identifying the brothers. After PayPal suffered an attack, its internal investigation uncovered accounts linked to Anonymous Sudan. This evidence helped the FBI trace email addresses to Ahmed Omer, leading to the unmasking of the group’s leaders.
Why it matters
Anonymous Sudan has been a persistent threat, causing over $10 million in damage to U.S. organizations. Their targets include high-profile companies like Cloudflare, Microsoft, OpenAI, and even the FBI itself. One particularly severe attack forced Cedars-Sinai Medical Center in Los Angeles to redirect emergency room patients to other hospitals for treatment.
Attack method
Anonymous Sudan’s primary attack method was distributed denial-of-service (DDoS) attacks. These attacks overwhelm internet-enabled devices with excessive bot traffic, rendering websites and services inaccessible. The disruptions are significant, as they can prevent customers from making payments or cut off corporate access to vital cloud servers. In some cases, the group demanded ransom payments to cease the attacks.
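The volumetric flood described above leaves a characteristic trace in a target's own access logs: a sudden spike in request rate spread across many source addresses. The following is an added example, not code from the article or from any tool it mentions, showing how a defender can scan web-server log lines in fixed one-second windows and flag windows whose request count and distinct-source count both exceed thresholds. The log format, the sample addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24), and the thresholds are all constructed assumptions for illustration.

```python
"""Added example (not from the article): a minimal volumetric-DDoS detector
that buckets access-log lines into one-second windows and flags windows
with an abnormally high request rate coming from many distinct sources."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed log format (hypothetical, simplified common-log style):
#   <client ip> [<ISO-8601 timestamp>] "<METHOD> <path>" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)


def parse_line(line):
    """Return (ip, timestamp, path) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group("ts"))  # timezone-aware ISO timestamp
    return m.group("ip"), ts, m.group("path")


def bucket_requests(lines, window_seconds=1):
    """Group source IPs of each request into fixed-size time windows."""
    buckets = defaultdict(list)  # window index -> list of source IPs
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:  # skip malformed lines instead of crashing the scan
            continue
        ip, ts, _path = parsed
        buckets[int(ts.timestamp()) // window_seconds].append(ip)
    return buckets


def detect_floods(lines, window_seconds=1, rate_threshold=50, min_sources=20):
    """Flag windows whose request count AND distinct-source count exceed the
    thresholds. Requiring many distinct sources separates a distributed flood
    from a single misbehaving client, which a per-IP rate limit already handles."""
    alerts = []
    for idx, ips in sorted(bucket_requests(lines, window_seconds).items()):
        distinct = len(set(ips))
        if len(ips) >= rate_threshold and distinct >= min_sources:
            start = datetime.fromtimestamp(idx * window_seconds, tz=timezone.utc)
            alerts.append({
                "window_start": start.isoformat(),
                "requests": len(ips),
                "distinct_sources": distinct,
            })
    return alerts


def build_sample_log():
    """Constructed sample: three seconds of normal traffic (5 req/s from 5
    clients), then a one-second burst of 60 requests from 30 addresses."""
    lines = []
    for sec in range(3):
        for i in range(5):
            lines.append(f'203.0.113.{i + 1} [2024-10-16T12:00:0{sec}+00:00] "GET /index.html" 200')
    for i in range(60):
        lines.append(f'198.51.100.{i % 30 + 1} [2024-10-16T12:00:03+00:00] "GET /login" 503')
    lines.append("garbage line that should be skipped")
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

In practice the thresholds are tuned against a baseline of the service's normal traffic, and an alert like this is the trigger for upstream mitigation (provider scrubbing, rate limiting, geo or ASN filtering) rather than something the origin server absorbs on its own.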
Court filings revealed that the brothers also sold their hacking tool—known as the Godzilla Botnet, Skynet Botnet, and InfraShutdown—to other cybercriminals, enabling them to carry out large-scale DDoS attacks. More than 100 users are believed to have used the tool, marking an unusual blend of political and financially motivated hacking.
Political motives and misconceptions
Unlike many cybercriminal groups that focus solely on financial gain, Anonymous Sudan appears to be primarily driven by political motivations. The group’s exploits led some security researchers to speculate it was a front for pro-Russian hackers. Officials now believe the two brothers worked alone, with no backing from third-party governments.
What’s next
If convicted, the younger brother Ahmed Salah faces a potential life sentence, while Alaa Salah could get up to five years in prison.