Arrested: USDoD, Anonymous Sudan, SEC X account hacker
Law enforcement agencies have arrested suspects involved in cyber attacks claimed by USDoD and Anonymous Sudan, as well as a person involved in the hacking of the SEC’s X (Twitter) account.
USDoD
On Wednesday, the Brazilian federal police (Policia Federal) arrested a man in Belo Horizonte, suspected of being the person behind the “USDoD” moniker (previously “EquationCorp” and “NetSec”).
USDoD has claimed responsibility for breaches of Policia Federal, Airbus, the US Environmental Protection Agency (EPA), and the FBI’s information sharing network InfraGard. Data stolen during those intrusions has been leaked on the dark web.
Anonymous Sudan
Also on Wednesday, the US Justice Department unsealed criminal charges against two Sudanese brothers for allegedly running Anonymous Sudan, ostensibly a hacktivist group that mounted distributed denial of service (DDoS) attacks against various high-profile targets such as PayPay, OpenAI, the FBI, Riot Games, and Microsoft.
“Anonymous Sudan’s DDoS attacks, which at times lasted several days, caused damage to the victims’ websites and networks, often rendering them inaccessible or inoperable, resulting in significant damages. For example, Anonymous Sudan’s DDoS attacks shuttered the emergency department at Cedars-Sinai Medical Center, causing incoming patients to be redirected to other medical facilities for approximately eight hours. Anonymous Sudan’s attacks have caused more than $10 million in damages to U.S. victims,” the DOJ says.
The FBI claims that the most high-profile DDoS attacks served as a demonstration of what the group could do and effectively as an advertisement for its paid DDoS services.
In March 2024, the FBI seized and disabled the attack infrastructure the group used for launching over 35,000 DDoS attacks: “computer servers that launched and controlled the DDoS attacks, computer servers that relayed attack commands to a broader network of attack computers, and accounts containing the source code for the DDoS tools used by Anonymous Sudan,” as Europol outlined.
The two brothers were arrested in the same month, but it’s still unknown where they were at that time and whether they will be extradited to the US.
SEC X account hijacker
Finally, on Thursday, the FBI arrested an Alabama man for the January 2024 hijacking of the US Securities and Exchange Commission’s X (Twitter) account via SIM swapping.
“As described in the indictment, [the man], who used online monikers including ‘Ronin,’ ‘Easymunny,’ and ‘AGiantSchnauzer,’ received personal identifying information (PII) and an identification card template containing a victim’s name and photo from co-conspirators. [He] then used his identification card printer to create a fake ID with the information,” the US DOJ alleges.
“[He] proceeded to obtain a SIM card linked to the victim’s phone line by presenting the fake ID at a cell phone provider store in Huntsville, Alabama. He then purchased a new iPhone in cash and used the two items to obtain access codes to the @SECGov X account. He shared those codes with members of the conspiracy, who then accessed the account – and issued the fraudulent tweet on the @SECGov X account in the name of the SEC Chairman, falsely announcing the SEC’s approval of BTC ETFs. He received BTC payment for performing the successful SIM swap.”
SIM swapping schemes can result in devastating financial losses to victims and leaks of sensitive personal and private information, U.S. Attorney Matthew M. Graves noted.
In this case, it’s believed that the man’s conspirators used their illegal access to a phone to manipulate financial markets: after the false announcement about the SEC approving listing Bitcoin ETFs, the price of Bitcoin rose by $1,000 and then fell by $2,000.