Feds: Cyber masterminds targeted FBI, CNN, Hulu, Netflix, Microsoft, X in global plot

Two Sudanese citizens face charges for running a guerilla computer hacking group that sought to "declare cyberwar on the United States" by targeting the FBI, hospitals, Hulu, Netflix, CNN, Microsoft, Reddit and X, among others, federal prosecutors announced Wednesday.

The internet cybercriminal group known as "Anonymous Sudan" used malicious software tools known by such names as “Godzilla,” “Skynet” and “InfraShutdown" to launch a sprawling cyberattack campaign that aimed to wreak havoc on big-name targets throughout the U.S. and beyond, court documents said.

Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer were charged with conspiracy and computer damage for the coordinated cyberattacks through Anonymous Sudan from 2023 to this year, the Justice Department said. An indictment was unsealed Wednesday, according to the U.S. Attorney's Office for the Central District of California.

The charges are the latest against foreign hackers that prosecutors say aimed to disrupt U.S. infrastructures. Suspected cybercriminals from China and Russia face prosecution for similar attacks that targeted politicians, schools and national security this year.

Anonymous Sudan targeted the Justice Department, FBI, government agencies in Alabama, Microsoft and X through the attacks, the justice department said. The group carried out more than 35,000 attacks, 70 targeting the Los Angeles metro area. Their actions caused more than $10 million in damages in the U.S., prosecutors said.

U.S. Attorney Martin Estrada called their actions "callous and brazen" as they attacked the emergency department at Cedars-Sinai Medical Center. The attack forced incoming patients to be redirected to other facilities for nearly eight hours, the Justice Department said.

“Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks,” he said.

Feds: Sudanese criminals used sophisticated means for attacks

Federal prosecutors said the duo carried out the attacks through Distributed Denial of Service. FBI Special Agent Elliott Peterson described the method in court papers where a victim's computer is flooded with data and queries to make it unable to connect with other internet devices or work properly.

Peterson added Anonymous Sudan's server was connected to the internet and was used to perform each attack earlier this year. He wrote that the pair sold credentials to Anonymous Sudan's servers to others, presumably so that other bad actors could cause damage and attempt to infiltrate computer systems.

Amazon Web Services, Amazon's cloud computing platform, said Wednesday that Anonymous Sudan sold the attacks for $100 per day, $600 per week and $1,700 per month and had "plenty of customers."

The group sought to "declare cyberwar on the United States, the United States will be our primary target," Peterson wrote. Attacks were coordinated on Telegram, an encrypted messaging platform.

Each successful attack was celebrated on Telegram as the pair checked websites to confirm the attacks. Peterson said they moved on to hospitals in response to the Israel-Hamas war.

"3 hours+ and still holding, they're trying desperately to fix it but to no avail . . . Bomb our hospitals in Gaza, we shut down yours too, eye for eye," Peterson said they wrote in a Telegram chat about Cedars-Sinai Health Systems.

Anonymous Sudan moved on to private companies, saying in Telegram chats anyone can be a target, Peterson said. Companies like Hulu, Netflix, CNN, The Associated Press, Target and Reddit were all victims of the attacks in 2023, according to federal charging papers. The group escalated their attacks to Microsoft's servers and demanded $1 million to teach their employees how to stop the attack.

The cyber group broadened its victims beyond the U.S., court papers said. The Netherlands, France, the European Union, Kenya, Chad, the United Kingdom, Bahrain, Israel, the International Committee for the Red Cross, the United Arab Emirates and Sudan were all targeted. No explanation was given on why they targeted Sudan.

Attacks stopped when the FBI seized one of Anonymous Sudan's tools called at times "Godzilla," Skynet" and "InfraShutdown" in March, the Justice Department said. Warrants allowed authorities to confiscate computer servers that maintained the attacks and the group's accounts.

Ahmed Salah Yousif Omer was charged with three counts of damaging protected computers and conspiracy. If convicted of all charges, he could face up to life in prison. Alaa Salah Yusuuf Omer was charged with conspiracy and could face up to five years in prison if convicted.

U.S. companies, infrastructure long targets of cyberattacks

Anonymous Sudan isn't the first international crime group upending Americans' lives through the attacks.

In March, the Justice Department charged seven Chinese hackers for a widespread series of attacks that targeted White House officials, politicians, defense contractors, journalists and technology companies.

The Treasury Department announced it sanctioned Wuhan Xiaoruizhi Science and Technology Co. Ltd. that same day. The UK government said it sanctioned the same company in March.

In May, the FBI offered a $10 million reward for malware mastermind Dmitry Yuryevich Khoroshev, of Russia. Khoroshev led and developed LockBit, a ransomware group that attempted to extort Boeing and the UK's Royal Mail service.

The Russian citizen faces a litany of criminal charges for the incidents. His software helped criminals steal victims' data and hold it under threat of publishing if they didn't pay.

This year, cyberattacks disrupted insurance companies, hospital systems, and a car dealership company. In August, National Public Data, a data broker company, suffered a data breach where 2.9 billion records including names, addresses and Social Security numbers were stolen.

Contact reporter Krystal Nurse at [email protected]. Follow her on X, formerly Twitter,@KrystalRNurse.