Two individuals from Sudan are facing legal action for leading a covert hacking collective aimed at waging “cyberwar on the United States.” Their targets included the FBI, hospitals, streaming services like Hulu and Netflix, CNN, Microsoft, Reddit, and X, as announced by federal prosecutors on Wednesday.

This group, referred to as “Anonymous Sudan,” employed harmful software tools like “Godzilla,” “Skynet,” and “InfraShutdown” to execute extensive cyberattack measures that sought to disrupt major organizations in the U.S. and abroad, as detailed in court documents.

Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer have been indicted on charges of conspiracy and computer damage due to their involvement in the planned cyberattacks through Anonymous Sudan from 2023 until now, according to the Justice Department. The indictment was made public on Wednesday by the U.S. Attorney’s Office for the Central District of California.

These charges align with a growing trend of prosecuting foreign hackers suspected of attempting to sabotage U.S. infrastructure. Notably, this year has seen similar legal actions against alleged cybercriminals from China and Russia who targeted various institutions, including politicians and schools.

The attacks by Anonymous Sudan specifically aimed at the Justice Department, the FBI, Alabama state agencies, Microsoft, and X. According to the Justice Department, the group executed over 35,000 attacks, with approximately 70 directed at the Los Angeles area alone. These cyber activities resulted in damages exceeding $10 million in the U.S.

U.S. Attorney Martin Estrada criticized these actions as “callous and brazen,” particularly highlighting an attack on the emergency department of Cedars-Sinai Medical Center, which forced redirecting incoming patients to other facilities for nearly eight hours.

“Anonymous Sudan aimed to create chaos and destruction across governments and businesses worldwide through tens of thousands of cyberattacks,” Estrada stated.

Authorities: Sophisticated Tactics Used in Cyberattacks

Federal prosecutors noted that the attackers employed Distributed Denial of Service (DDoS) techniques. FBI Special Agent Elliott Peterson explained that this technique overwhelms a target’s computer with excessive data and queries, rendering it unable to function or connect to other devices.

Peterson further revealed that Anonymous Sudan operated its attacks through an internet-connected server and sold access to this resource to others for malicious purposes, allowing more attackers to inflict damage on systems.

Amazon Web Services reported that Anonymous Sudan charged $100 per day, $600 weekly, and $1,700 monthly for these attacks, boasting “numerous clients.”

The group proclaimed their intent to “declare cyberwar on the United States,” with the goal of making it their primary target, as mentioned by Peterson. The attacks were organized using Telegram, a secure messaging platform.

Each successful attack was celebrated in their Telegram chats, as the duo verified their impacts on websites. Peterson noted that they shifted focus to hospitals as a response to ongoing conflicts in the region.

A message in their chat read, “3 hours+ and still holding, they’re trying desperately to fix it but to no avail. Bomb our hospitals in Gaza, we shut down yours too, eye for eye,” in reference to their attack on Cedars-Sinai Health Systems.

Anonymous Sudan expanded its assaults to private companies, indicating in their chats that anyone could be targeted. Victims included Hulu, Netflix, CNN, The Associated Press, Target, and Reddit in 2023, according to federal charging documents. The group escalated attacks on Microsoft’s servers, demanding $1 million to instruct their staff on how to counter this type of attack.

Their list of targets also included nations beyond the U.S. like the Netherlands, France, the European Union, Kenya, Chad, the United Kingdom, Bahrain, Israel, the International Committee for the Red Cross, the United Arab Emirates, and Sudan itself, although no reason was provided for including Sudan.

The attacks ceased when the FBI took control of one of Anonymous Sudan’s tools—referred to at times as “Godzilla,” “Skynet,” or “InfraShutdown”—in March, as per the Justice Department. Authorities secured warrants to confiscate the servers and accounts involved in the cyberattacks.

Ahmed Salah Yousif Omer faces three counts of damaging protected computers and conspiracy, potentially leading to life imprisonment if found guilty of all charges. Alaa Salah Yusuuf Omer has been charged with conspiracy, which could result in up to five years in prison if convicted.

Ongoing Threat of Cyberattacks on U.S. Entities

Anonymous Sudan isn’t the only international cyber group affecting American citizens through attacks.

Earlier this year, in March, the Justice Department indicted seven Chinese hackers for a series of attacks targeting the White House.

Officials, politicians, defense contractors, journalists, and tech companies are involved in recent discussions.

On the same day, the Treasury Department announced sanctions against Wuhan Xiaoruizhi Science and Technology Co. Ltd. The UK government had already imposed sanctions on the same firm in March.

In May, the FBI declared a reward of $10 million for Dmitry Yuryevich Khoroshev, a Russian malware expert. Khoroshev is known for leading the LockBit ransomware group, which targeted Boeing and the UK’s Royal Mail service for extortion.

This Russian national faces numerous criminal allegations related to these incidents. His software played a key role in helping criminals steal data from victims, threatening to publish it unless a ransom was paid.

This year has seen multiple cyberattacks impacting insurance companies, hospitals, and car dealerships. In August, a major breach occurred at National Public Data, a data broker, resulting in the theft of 2.9 billion records, which included sensitive personal information like names, addresses, and Social Security numbers.