Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan

US authorities have unveiled this week charges against two Sudanese nationals involved in a significant Distributed-Denial-of-Service (DDoS) cybercrime network, following an international investigation that spanned multiple countries. The investigation exposed the activities of Anonymous Sudan, a prolific cybercrime group conducting destructive DDoS attacks to support their ideologically-motivated agenda.

Europol coordinated the European dimension of the investigation, working closely with law enforcement agencies across Europe to identify victims and suspects, ensuring swift action in multiple jurisdictions.

Victims of the attacks include sensitive government and critical infrastructure targets around the world, including the U.S. Department of Justice, the U.S. Department of Defense, the Federal Bureau of Investigation, the U.S. State Department and organisations and governments in Europe. Victims also included major technology platforms and network service providers in the USA.

Anonymous Sudan’s DDoS tool was used to launch over 35 000 DDoS attacks in approximately one year, causing more than USD 10 million (EUR 9 145 000) in damages to victims in the USA alone.

The European dimension of the investigation

Europol’s coordination ensured that European Member States impacted by the DDoS attacks were represented in the investigation. By facilitating cooperation between national authorities and organising coordination meetings, Europol enabled swift action and effective information-sharing across borders, which helped identify the perpetrators and supported the charges now being brought forward. Europol also provided analytical support, synthesising intelligence from various sources to create a comprehensive understanding of the DDoS network.

Authorities in Sweden, Luxembourg and France, alongside the European Union Agency for Cybersecurity (ENISA) and the European Investment Bank, provided crucial intelligence which helped map out the criminal activity and associated infrastructure.
These contributions were essential in supporting both Europol’s coordination efforts and the U.S. authorities.

Disabling the DDoS network

Law enforcement agencies have not only focused on the individuals behind these attacks but have also taken steps to disable the infrastructure that supported their criminal activities.

Back in March 2024, the U.S. Attorney’s Office and FBI also obtained seizure warrants which authorised the FBI to seize and disable Anonymous Sudan’s powerful DDoS tool, which the group allegedly used to perform DDoS attacks, and sold as a service to other criminal actors.

Specifically, the warrants authorised the seizures of computer servers that launched and controlled the DDoS attacks, computer servers that relayed attack commands to a broader network of attack computers, and accounts containing the source code for the DDoS tools used by Anonymous Sudan.

A unified international response to DDoS

These law enforcement actions took place as part of Operation PowerOFF, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling criminal DDoS-for-hire infrastructure worldwide, and holding the administrators and users of these illegal services accountable.

In Europe, law enforcement authorities in France, Luxembourg and Sweden took part in the investigation.

In the United States, the Federal Bureau of Investigation (FBI), the Defense Criminal Investigative Service, State Department, and the U.S. Attorney’s Office for the Central District of California took part.