Two Sudanese brothers have been charged in the United States over a historic 35,000 Distributed Denial of Service (DDoS) attacks.

In the United States, federal prosecutors have filed charges against two Sudanese brothers for operating a distributed denial-of-service (DDoS) botnet for hire that carried out a record-setting 35,000 DDoS attacks within a single year. These attacks, which included targeting Microsoft's services in June 2023, were executed using the "powerful DDoS tool" of Anonymous Sudan, according to the U.S. Department of Justice.

Ahmed Salah Yousif Omer, aged 22, and Alaa Salah Yusuuf Omer, aged 27, have been charged with conspiracy to damage protected computers. Ahmed Salah also faces three counts of damaging protected computers. If convicted on all charges, Ahmed Salah could potentially receive a maximum sentence of life in federal prison, while Alaa Salah could face up to five years in federal prison. The DDoS tool was reportedly disabled in March 2024, coinciding with the brothers' arrest in an undisclosed location.

U.S. Attorney Martin Estrada described Anonymous Sudan's actions as aimed at causing chaos and harm to governments and businesses globally through thousands of cyberattacks. The group, which Microsoft identifies as Storm-1359, initially portrayed itself as a hacktivist group, but investigations revealed its true nature as a digital mercenary squad.

Court documents allege that the defendants and their clients utilized the Distributed Cloud Attack Tool (DCAT) of Anonymous Sudan to carry out numerous destructive DDoS attacks, causing over $10 million in damages to U.S. entities alone. The group provided DDoS services for a fee, offering up to 100 attacks daily at varied pricing tiers.

Law enforcement efforts, under Operation PowerOFF, resulted in the dismantling of the DCAT tool, known in criminal circles as Godzilla, Skynet, and InfraShutdown. The seizure included servers used to launch attacks, relay attack commands, and store source code for the DDoS tools. These actions aimed to disrupt criminal DDoS-for-hire infrastructure globally and hold accountable those involved in illegal services.

Simultaneously, Finnish Customs intervened to disrupt the Sipulitie darknet marketplace, a successor to the previously shut down Sipulimarket. Specializing in drug sales on the dark web since 2023, Sipulitie had been generating a turnover of 1.3 million euros while operating under the guise of anonymity.

The Department of Federal Police (DPF) in Brazil has reported the arrest of a hacker linked to a series of cyber attacks that compromised its own systems and those of various international institutions. This operation, codenamed Operation Data Breach, involved obtaining a search and seizure warrant and a preventive arrest warrant against the suspect in Belo Horizonte.

The individual, identified by the aliases USDoD and EquationCorp, is accused of leaking sensitive data of 80,000 members of InfraGard, a collaboration between the U.S. government and critical infrastructure sectors. Additionally, the hacker allegedly sold data from the Federal Police on two occasions (May 22, 2020, and February 22, 2022) and disclosed information from Airbus and the U.S. Environmental Protection Agency (EPA).

Credit: TheHackerNews.