A popular fanfiction site, Archive of Our Own (AO3), has intermittently been going offline in recent hours after being hit with a crippling cyberattack earlier this week.
The site’s users in the UK and US submitted more than 1,500 outage reports on Wednesday afternoon, according to website activity tracker Down Detector.
A03 said it suffered a distributed denial of service attack (DDoS) on Monday, which involves large amounts of traffic being directed towards a website or server to overload it.
“The Archive is experiencing some issues (as many of you have noticed). We’re looking into it, please stand by!” AO3’s official Twitter status account initially tweeted.
It later added: “It looks like the Archive is under a DDoS attack causing the servers to fall over. Our volunteer sysadmins are working on countermeasures. Please be patient with us, we’ll be back!”
A cybercrime group that experts have linked to Russia has taken credit for the attack, which appears to be a hacking for extortion scheme. The prolific outfit known as Anonymous Sudan has previously targeted hospitals, banks and email services worldwide.
The group said on Tuesday it would halt all DDoS attacks immediately if Archive of Our Own transferred $30,000 (£23,200) into its bitcoin wallet within 24 hours, according to a message shared on chat app Telegram.
It looks like the Archive is under a DDoS attack causing the servers to fall over. Our volunteer sysadmins are working on countermeasures. Please be patient with us, we'll be back!
— AO3 Status (@AO3_Status) July 10, 2023
It threatened to keep the site down for weeks if the money wasn’t paid by the deadline.
Archive of Our Own hosts more than 11 million user-generated works of literature, from short stories to novels and renowned series such as Harry Potter and Marvel. The service, which launched in 2008, is operated by the non-profit Organization for Transformative Work.
Cybersecurity experts have rubbished Anonymous Sudan’s claims that it is a politically motivated “Islamic hacktivist” operation based out of its namesake African country.
Instead, they suggest the group belongs to an ecosystem of Russian hacking collectives, with names including KillNet and UserSec.
These crews work closely to spread pro-Kremlin propaganda and to target Ukraine’s allies in the West, according to cybersecurity firm TrueSec.
According to Archive’s Twitter account, “a group presenting themselves as a collective of religiously and politically motivated hackers has claimed responsibility for the attack. Experts do not believe they are honest about their motivation, so we urge caution in believing any reasoning they provide for targeting AO3.”
The site said earlier on Friday that it was working to mitigate the DDoS attacks, which could cause visitors to see or encounter error messages or display issues on the site. It was later forced to disable certain functionalities on its site, including the ability to request new account invitations and its policy questions and abuse reports.