
Anonymous Sudan takes down fan fiction site AO3, claims Reddit DDoS attack

Hackers claim they object to the site's content, but their actions may instead be designed to sow disquiet among Russia's enemies.

By Matthew Gooding

Hacktivist gang Anonymous Sudan has struck again, downing popular fan fiction website Archive of our Own (AO3) with a distributed denial of service (DDoS) cyberattack. The group, which also claimed on Monday to have disabled Reddit with a similar attack for two hours, says it is taking action against the site because of the nature of the content it features.

Anonymous Sudan has continued its DDoS campaign with an attack on Archive of our Own. AO3 remains down at the time of writing. (Photo by Postmodern Studio/Shutterstock)

Archive of our Own went down on Monday, and its admins confirmed later in the day that it had suffered a DDoS attack.

AO3 hosts more than 11 million works of fan fiction covering 57,000 different fandoms. There has been no update on when the site might be restored.

Why has Anonymous Sudan attacked AO3?

Ostensibly an Islamist terrorist gang, Anonymous Sudan said yesterday it attacked AO3 because it is “against all forms of degeneracy, and the site is full of disgusting smuts and other LGBTQ+ and NSFW things”.

The group posted a further message on its Telegram channel today, saying it will continue to target the site if it comes back online. “We can bypass any detection you put, we will make sure your site goes offline for the longest possible time as your ‘experts’ scratch their heads cluelessly to find a solution,” the criminals wrote.

However, security experts believe Anonymous Sudan is actually a Russian hacking gang posing as a splinter group of the original Anonymous hacktivist collective, aiming to cause trouble for Moscow’s enemies in the West.

The AO3 admins wrote on Twitter: “A group presenting themselves as a collective of religiously and politically motivated hackers has claimed responsibility for the attack. Experts do not believe they are honest about their motivation, so we urge caution in believing any reasoning they provide for targeting AO3.

“We do not condone anti-Muslim sentiments under any circumstances. Additionally, to reiterate: cybersecurity experts believe the group claiming responsibility is lying about their affiliation and reasons for attacking websites. View the group’s statements with scepticism.”

Speaking to Tech Monitor last week, Louise Ferrett, researcher at cybersecurity vendor Searchlight, said the current iteration of Anonymous Sudan “appears to be aligned with Russia”, in stark contrast to the original group of the same name. “The original Anonymous Sudan collective was first seen during the 2019 political instability period in Sudan,” she said. “This group was anti-Russia and active in local street protests as well.”

A report from another security business, Flashpoint, goes further, stating: “Evidence suggests that Anonymous Sudan are likely state-sponsored Russian actors masquerading as Sudanese actors with Islamist motivations, as cover for their actions against western, or western-aligned, entities.”

Did Anonymous Sudan hack Reddit?

Anonymous Sudan’s targets to date would support the theory that it is pursuing an anti-US agenda. It carried out a successful DDoS attack on Microsoft, taking down the company’s Office 365 services for several hours last month. Anonymous Sudan later claimed to have stolen data from Microsoft, but the company denies this.

It also joined two Russia-supporting groups, Killnet and REvil, in threatening to launch a DDoS campaign against European banks, the SWIFT payments system and the US Federal Reserve. No such attacks were reported following the threats.

On Monday, the gang said it successfully attacked Reddit, taking down the site and its subreddits for two hours. Tech Monitor has approached Reddit for comment on the claims.
