Hacktivist gang Anonymous Sudan has struck again, downing popular fan fiction website Archive of our Own (AO3) with a distributed denial of service (DDoS) cyberattack. The group, which also claimed on Monday to have disabled Reddit with a similar attack for two hours, says it is taking action against the site because of the nature of the content it features.
Archive of our Own went down on Monday, and its admins confirmed later in the day that it had suffered a DDoS attack.
It looks like the Archive is under a DDoS attack causing the servers to fall over. Our volunteer sysadmins are working on countermeasures. Please be patient with us, we’ll be back!
— AO3 Status (@AO3_Status) July 10, 2023
AO3 hosts more than 11 million works of fan fiction covering 57,000 different fandoms. There has been no update on when the site might be restored.
Why has Anonymous Sudan attacked AO3?
Ostensibly an Islamist terrorist gang, Anonymous Sudan said yesterday it attacked AO3 because it is “against all forms of degeneracy, and the site is full of disgusting smuts and other LGBTQ+ and NSFW things”.
The group posted a further message on its Telegram channel today, saying it will continue to target the site if it comes back online. “We can bypass any detection you put, we will make sure your site goes offline for the longest possible time as your ‘experts’ scratch their heads cluelessly to find a solution,” the criminals wrote.
However, security experts believe Anonymous Sudan is actually a Russian hacking gang posing as a splinter group of the original Anonymous hacktivist collective, aiming to cause trouble for Moscow’s enemies in the West.
The AO3 admins wrote on Twitter: “A group presenting themselves as a collective of religiously and politically motivated hackers has claimed responsibility for the attack. Experts do not believe they are honest about their motivation, so we urge caution in believing any reasoning they provide for targeting AO3.
“We do not condone anti-Muslim sentiments under any circumstances. Additionally, to reiterate: cybersecurity experts believe the group claiming responsibility is lying about their affiliation and reasons for attacking websites. View the group’s statements with scepticism.”
Speaking to Tech Monitor last week, Louise Ferrett researcher at cybersecurity vendor Searchlight, said the current iteration of Anonymous Sudan “appears to be aligned with Russia”, in stark contrast to the original group of the same name. “The original Anonymous Sudan collective was first seen during the 2019 political instability period in Sudan,” she said. “This group was anti-Russia and active in local street protests as well.”
A report from another security business, Flashpoint, goes further, stating: “Evidence suggests that Anonymous Sudan are likely state-sponsored Russian actors masquerading as Sudanese actors with Islamist motivations, as cover for their actions against western, or western-aligned, entities.”
Did Anonymous Sudan hack Reddit?
Anonymous Sudan’s targets to date would support the theory that it is pursuing an anti-US agenda. It carried out a successful DDoS attack on Microsoft, taking down the company’s Office 365 services for several hours last month. Anonymous Sudan later claimed to have stolen data from Microsoft, but the company denies this.
It also joined two Russia-supporting groups, Killnet and REvil, in threatening to launch a DDoS campaign against European banks, the SWIFT payments system and the US Federal Reserve. No such attacks were reported following the threats.
On Monday, the gang said it successfully attacked Reddit, taking down the site and its subreddits for two hours. Tech Monitor has approached Reddit for comment on the claims.