AO3 fanfiction site shut down and extorted by Anonymous Sudan

Archive of Our Own (AO3), a popular fanfiction website, was shut down by the pro-Russian Anonymous Sudan group. The attackers are demanding a ransom payment to end the attack.

Anonymous Sudan, the pro-Russian hacktivist group posing as a pro-Islam hacker collective, has taken down the website of AO3. The popular fanfiction site has been down since yesterday (July 10th), denying users access to over 11 million works from thousands of fans.

“The Archive of Our Own is currently offline due to a DDoS attack. We are working on mitigations and hope to return to service soon,” reads the message on the AO3 website.

Anonymous Sudan demands that AO3 pay a $30,000 ransom to end the distributed denial-of-service (DDoS) attack, threatening to continue the shutdown for weeks. Recently, Anonymous Sudan targeted similarly targeted Scandinavian Airlines (SAS) and Microsoft 365 software suite.

AS Telegram message
Message on Anonymous Sudan's Telegram channel. Image by Cybernews.

“It should be clear by now, it is practically impossible to mitigate our DDoS attack. You need to be realistic and check our DDoS history,” attackers boasted on their Telegram channel.

AO3 is updating fans about the situation on its Twitter account, adding that it’s working to mitigate the attack. The AO3 website was inaccessible at the time of writing this article.

“We do not condone anti-Muslim sentiments under any circumstances. Additionally, to reiterate: cybersecurity experts believe the group claiming responsibility is lying about their affiliation and reasons for attacking websites. View the group’s statements with skepticism,” the AO3 Status Twitter account said.

After the attack began, Anonymous Sudan stated that AO3 normalizes “smut” and “sexual exploitation.” However, the ransom demand points to the attack being a way to extort an organization with a dedicated user base.

Who are Anonymous Sudan?

While the gang is supposedly an anti-Western pro-Islam hacker collective, the group’s origins and modus operandi strongly point to it being a “Made in Russia” project with solid financial backing that regular hacktivists cannot afford.

The gang started out posting in Russian, adopting Arabic only later. Anonymous Sudan targets conveniently align with Kremlin’s policy and exclude Russian targets.

Experts whom Cybernews have discussed Anonymous Sudan with think that the group is linked with another pro-Russian DDoS group, Killnet. The latter went as far as to declare itself a private military hacker corporation, selling its services to the highest bidder.

Anonymous Sudan employs HTTP-based DDoS attacks. While they’re much more efficient than traditional volumetric DDoS attacks, they’re also much more expensive and not frequently used by hacktivists using crowdfunding or internal resources to finance their activities.