On August 2, 2023, MTN Nigeria, the countrys largest telecom operator, became the target of one of the most extensive Distributed Denial of Service (DDoS) attacks ever recorded against a corporate entity in West Africa. The cyberattack, claimed by the notorious hacktivist group Anonymous Sudan, tested the companys cybersecurity infrastructure and highlighted the growing threat of coordinated digital assaults across the continent.
This was not an isolated event. Days earlier, on July 27 and 28, Kenya had been rocked by a wave of DDoS attacks that crippled public and private systems: the governments eCitizen portal went offline, Kenya Power and Lightings prepaid token system was disrupted, and access to banks, hospitals, and even M-Pesa, East Africas dominant mobile money service, was severely compromised. Tanzania and other nations soon followed. A pattern was forming, and MTN Nigeria knew they might be next.
Shoyinka Shodunke, MTN Nigerias Chief Information Officer, recalled the warning signs. It was not just limited to Nigeria. There had been attacks going on in Kenya, Tanzania, and a whole lot of other African countries, he told TechCabal in an interview. We predicted they might shift to Nigeria.
Anonymous Sudan also launched similar DDoS attacks in Uganda on February 6, 2024, targeting Airtel, MTN, and Uganda Telecom.
With early warning indicators in sight, MTN Nigeria activated its internal security protocols. While the company did not disclose specific details, the telecom industrys best practices for defending against Distributed Denial-of-Service (DDoS) attacks typically involve a multi-layered, defense-in-depth strategy. This approach combines proactive monitoring, intelligent traffic filtering, and automated mitigation systems. It begins with constant network traffic surveillance, leveraging AI and machine learning tools to detect anomaliessuch as sudden traffic spikes or irregular patternsthat could signal an attack.
Upon detection, operators often scale up bandwidth to absorb the surge, apply rate limiting and access control lists (ACLs) to block suspicious traffic, and deploy cloud-based DDoS mitigation services to filter out malicious data before it reaches core systems.
DDoS is like the low-hanging fruit for most organisations if they are not prepared, said Peter Obadare, a Professor of Practice in Cybersecurity, Miva Open University. The truth is, if hackers cant get in, they use a DDoS attack. They flood your system or network with overwhelming traffic from multiple sources, making it difficult to distinguish between legitimate and malicious requests. The goal is to exhaust the systems resources, making it unavailable to users.
As part of its coordinated response, MTN Nigeria promptly alerted key government and industry stakeholders, including the Office of the National Security Adviser (ONSA), the Nigerian Communications Commission (NCC), and the Ministry of Communications, Innovation and Digital Economy, about the imminent threat. However, before full defensive measures could be deployed across the ecosystem, the first signs of network disruption began to surface.
A Distributed Denial of Service (DDoS) attack occurs when malicious actors flood a server or network with excessive traffic from multiple sources, often hijacked computers known as zombies or botnets, to the point where legitimate users are unable to access the service. Its the digital equivalent of hundreds of thousands of people trying to enter a building at once, overwhelming the entrances until even employees cant get inside.
These attacks are rarely random. They are often motivated by geopolitical tension, cyber extortion, or attempts to send political messages. In the case of MTN Nigeria, it was likely a continuation of the same state-linked cyber attack that had paralysed East African infrastructure just a week before.
The DDoS attack, which lasted nearly eight hours, sought to overwhelm MTNs voice and data services by flooding its network with malicious traffic from compromised computers across the globe.
The actors were targeting high-profile institutions to draw attention and demonstrate their capabilities, said Gideon Adekile, MTN Nigerias General Manager for Information Security.
These distributed attack networks or botnetsa network of privately owned computers secretly infected with malware and remotely controlled without their owners knowledgelaunched a massive flood of malicious data packets targeting MTN Nigerias network. The goal was to overwhelm and disrupt services relied upon by more than 80 million subscribers nationwide.
The assault lasted nearly eight hours, with attackers constantly adapting their tactics in real-time to evade MTNs defensesa hallmark of a sophisticated DDoS campaign. This approach involves actively monitoring the attacks impact and adjusting methods on the fly, such as switching from high-volume traffic floods to targeted application-layer strikes, randomising patterns to avoid detection, spoofing IP addresses, or mimicking legitimate user behavior. Despite these evolving tactics, MTN was prepared, according to Adekile.
We had our support partners and internal teams on alert, he said. We identified and dropped suspicious packets, optimised our firewalls, and contained the attack. When it became clear they couldnt bring us down, they moved on. Apart from disrupting services during the duration of the attacks, MTN claimed no subscriber data was lost.
While MTN successfully defended itself, DDoS attacks are a multi-billion-dollar problem globally. According to cybersecurity firm Cloudflare, the average cost of a successful DDoS attack can range from $20,000 to over $1 million, depending on the sector and severity. For telcos like MTN, the stakes are higher, given their role in national connectivity.
In many DDoS attacks, cybercriminals turn to extortion, demanding ransom payments with the threat of prolonging or escalating the assault. Faced with potential service outages and reputational damage, some companies choose to comply. Telecommunications and critical infrastructure providers across Africa have increasingly become prime targets. In early 2025, South Africas CO.ZA domain registry was hit, taking thousands of websites offline. Around the same time, Cameroons national power utility, Eneo, had to suspend parts of its operations after a major cyberattack, exposing the fragility of essential services across the continent.
Each successful incident emboldens attackers and fuels a cycle of repeated assaults.
They can keep you offline for weeks, said Shodunke, referencing recent East African cases where entire digital ecosystems were crippled for nearly two months. Then they start making demandspay the ransom, release activists, or pressure governments. Thats the risk.
One of the reasons DDoS attacks persist is the ease with which attackers can build or rent botnets. Many internet users fail to secure their personal computers, unintentionally contributing to these attacks.
Many people dont know enough about basic internet hygiene, Adekile said. Their devices get compromised and are used in attacks like this.
This creates a dual challenge for companies like MTN: They must protect their systems while also monitoring networks to stop compromised devices from launching global attacks. If our IP space is identified as a threat source, we get blacklisted, Adekile explained. Thats bad for our customers, bad for our reputation.
Obadare noted that, unlike banks that embraced cybersecurity protection more than a decade ago, the telecom industry operators have vacillated and have not prioritised investment in cybersecurity.
They are now starting to subscribe to DDoS protection because the NCC is getting serious, Obadare said. It is not the same abroad because there are proper Service Level Agreements (SLAs), so operators prioritise their protection either on-site or you subscribe to a service protection provider.
MTN processes an average of 14 petabytes of data every day, positioning it as a prime target for cybercriminals. However, the attempted attack on August 2 demonstrated that the companys investments in cybersecurity were paying off.
In the first quarter of 2025, MTN Nigeria spent �621 million (approximately $415,000) on security-related expenses, an increase from �607 million ($406,000) during the same period in 2024.
These expenses cover efforts to safeguard the companys infrastructure, data, and subscribers from both physical and cyber threats, underscoring the scale and importance of its defense operations in a high-risk digital environment.
Those threats are there every single day, said Shodunke. What was good enough yesterday isnt good enough today. We have to be relentless, always tweaking, upgrading, and adapting.
Cybersecurity, it turns out, is not a destination; its a moving target. The largest DDoS attack on MTN Nigeria may be over, but the war continues in the background, fought by people most customers will never see.
Mark your calendars! Moonshot by TechCabal is back in Lagos on October 1516! Join Africas top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% offdont snooze! moonshot.techcabal.com
