For example, in December 2023, Anonymous Sudan shut down OpenAI’s ChatGPT after a sustained series of DDoS attacks in response to the company’s CEO Tal Broda voicing support for cyberattacks. Israeli Defense Forces fire in Gaza. “More! No mercy! IDF does not stop!” Broda had write on X through a photo of a devastated urban landscape in Gaza and in another post deny the existence of Palestine.
“We will continue to target ChatGPT until the genocide advocate, Tal Broda, is fired and ChatGPT stops taking an inhumane stance towards Palestinians,” Anonymous Sudan responded in a post on Telegram explaining their attacks on OpenAI.
However, Akamai’s Seaman said that Anonymous Sudan’s real goals were not always purely ideological. The group has also offered to sell access to its DDoS infrastructure to other hackers: The group’s Telegram posts as recently as March offered to use their DDoS service, called Godzilla or Skynet, for $2,500 a month. That suggests that even seemingly politically motivated attacks may have a purpose, at least in part, to market the monetization aspect of it, Seaman argues.
“They seem to have thought, ‘We can go in, actually harm people and market this service at the same time,’” Seaman said. He noted that, within the anti-Israel, pro- Palestine of the group after the October 7 attack, “there is definitely an ideological thread in it. But the way it affects the different victims is something that is probably unique to the perpetrators of the attack clearly understand.”
Anonymous Sudan also occasionally attacks targets in Ukraine, apparently collaborating with pro-Russian hacker groups like Killnet. That has led some in the cybersecurity community to suspect that Anonymous Sudan is in fact a Russia-linked operation that uses its Sudanese identity as a front, given its history of using hacktivism of Russia as a fake flag. The charges against Ahmed and Alaa Omer suggest that the group is indeed of Sudanese origin. But beyond the name, the group doesn’t appear to have any obvious ties to the original hacker collective Anonymous, which has been largely inactive for the past decade.
Akamai’s Seaman said that beyond its goals and politics, the group also stands out for its relatively new and effective technical approach: The group’s DDoS service is built by gaining access to hundreds or even even thousands of virtual private servers—often powerful machines provided by cloud service companies—by renting them with fraudulent credentials. It then uses those machines to launch so-called layer 7 attacks, overwhelming web servers with requests for websites, rather than flooding them with lower-level requests for raw internet data. which DDoS hackers tended to use in the past. Anonymous Sudan and its DDoS service clients will then target the victim with large numbers of those Layer 7 requests in parallel, sometimes using techniques known as “multiplexing” or “pipeline” to simultaneously create multiple bandwidth demands on servers until they are taken offline.
For at least nine months, Seaman said, the group’s technical prowess and brazen, unpredictable targeting have made it a top concern for the anti-DDoS community—and for with many victims of this group. “There’s a lot of uncertainty about this group, what their capabilities are, what their motivations are, why they’re targeting people,” Seaman said. “When Anonymous Sudan left, curiosity soared and there was certainly a sigh of relief.”
The Justice Department’s decision to file criminal charges against Ahmed Omer could result in a life sentence for a seemingly haphazard denial-of-service attack, as state-sponsored cyberattacks and ransomware often causing much more serious damage to healthcare networks. said Josh Corman, a researcher at the Institute for Security and Technology who has long focused on hacking targeting healthcare. Corman said he was nonetheless encouraged to see prosecutors recognize that even crude cyberattacks can have serious—and even deadly—consequences for victims .
“Yes, denial of service attacks can degrade and deny patent care, causing loss of life,” Corman said. “While this is a first and may seem arbitrary until we have more details, it is pleasing to see that we understand the enormous consequences of these attacks.”
