Two men from Sudan were accused of involvement in several cyberattacks on company networks, government organizations, and critical infrastructure organizations in the U.S. They were also connected to the February 2024 attack on Cedars-Sinai Medical Center in Los Angeles, which prompted the redirection of patients to other medical facilities for 8 hours. Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer are suspected members of Anonymous Sudan, an online cybercriminal group. The group has been active since mid-January 2023 and has carried out over 35,000 distributed denial-of-service (DDoS) attacks around the world.
Although many cybercriminal groups are mostly financially driven, Anonymous Sudan says it is a hacktivist group that attacks targets it considers anti-Muslim, partly to support Palestine, though the group has tried to demand ransom money from a few victims. Because the group’s attacks are quite sophisticated, there are suggestions that it has substantial financial backing and could possibly be state-sponsored. Although the group has no clear direct association with any one state, according to Check Point’s Cyberint research group, its attacks seem to support the interests of Iran and Russia. The group, however, has admitted to having complex motives for all its cyberattacks.
Anonymous Sudan mainly performs DDoS attacks with the purpose of disrupting targeted companies and governments and deliberately damaging protected computers. The group claims responsibility for its attacks and seeks publicity by posting on well-known channels, usually disparaging and ridiculing its victims. Last week, the United States Attorney’s Office for the Central District of California published a federal grand jury indictment that charges the two Sudanese men with one count of conspiracy to damage protected computers and alleges that they were behind the operation of Anonymous Sudan.
In March 2024, the FBI and the U.S. Attorney’s Office seized and disabled Anonymous Sudan’s Distributed Cloud Attack Tool (DCAT), which the group uses to perform several destructive DDoS attacks in the U.S. The group also offers the tool as a paid service to other cybercriminal threat groups. Victims of the group include the U.S. Department of Defense, the State Department, the Department of Justice, the state of Alabama, and technology platforms like Microsoft and Riot Games. Anonymous Sudan’s attacks have resulted in substantial disruption and over $10 million in losses to U.S. victims. If the court finds these men guilty of all the charges, Ahmed Salah Yousif Omer will serve a life sentence in federal prison, while Alaa Salah Yusuuf Omer will serve a 5-year sentence in federal prison.
HIPAA-covered entities should include awareness of these cybercriminal groups and their tactics in their HIPAA employee training to protect their organizations against attacks.