On August 2, 2023, MTN Nigeria, the countryโs largest telecom operator, became the target of one of the most extensive Distributed Denial of Service (DDoS) attacks ever recorded against a corporate entity in West Africa. The cyberattack, claimed by the notorious hacktivist group Anonymous Sudan, tested the companyโs cybersecurity infrastructure and highlighted the growing threat of coordinated digital assaults across the continent.
This was not an isolated event. Days earlier, on July 27 and 28, Kenya had been rocked by a wave of DDoS attacks that crippled public and private systems: the governmentโs eCitizen portal went offline, Kenya Power and Lightingโs prepaid token system was disrupted, and access to banks, hospitals, and even M-Pesa, East Africaโs dominant mobile money service, was severely compromised. Tanzania and other nations soon followed. A pattern was forming, and MTN Nigeria knew they might be next.
Shoyinka Shodunke, MTN Nigeriaโs Chief Information Officer, recalled the warning signs. โIt was not just limited to Nigeria. There had been attacks going on in Kenya, Tanzania, and a whole lot of other African countries,โ he told TechCabal in an interview. โWe predicted they might shift to Nigeria.โ
Anonymous Sudan also launched similar DDoS attacks in Uganda on February 6, 2024, targeting Airtel, MTN, and Uganda Telecom.
With early warning indicators in sight, MTN Nigeria activated its internal security protocols. While the company did not disclose specific details, the telecom industry’s best practices for defending against Distributed Denial-of-Service (DDoS) attacks typically involve a multi-layered, defense-in-depth strategy. This approach combines proactive monitoring, intelligent traffic filtering, and automated mitigation systems. It begins with constant network traffic surveillance, leveraging AI and machine learning tools to detect anomaliesโsuch as sudden traffic spikes or irregular patternsโthat could signal an attack.
Upon detection, operators often scale up bandwidth to absorb the surge, apply rate limiting and access control lists (ACLs) to block suspicious traffic, and deploy cloud-based DDoS mitigation services to filter out malicious data before it reaches core systems.
โDDoS is like the low-hanging fruit for most organisations if they are not prepared,โ said Peter Obadare, a Professor of Practice in Cybersecurity, Miva Open University. โ The truth is, if hackers canโt get in, they use a DDoS attack. They flood your system or network with overwhelming traffic from multiple sources, making it difficult to distinguish between legitimate and malicious requests. The goal is to exhaust the system’s resources, making it unavailable to users.
As part of its coordinated response, MTN Nigeria promptly alerted key government and industry stakeholders, including the Office of the National Security Adviser (ONSA), the Nigerian Communications Commission (NCC), and the Ministry of Communications, Innovation and Digital Economy, about the imminent threat. However, before full defensive measures could be deployed across the ecosystem, the first signs of network disruption began to surface.
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack occurs when malicious actors flood a server or network with excessive traffic from multiple sources, often hijacked computers known as โzombiesโ or โbotnets,โ to the point where legitimate users are unable to access the service. Itโs the digital equivalent of hundreds of thousands of people trying to enter a building at once, overwhelming the entrances until even employees canโt get inside.
These attacks are rarely random. They are often motivated by geopolitical tension, cyber extortion, or attempts to send political messages. In the case of MTN Nigeria, it was likely a continuation of the same state-linked cyber attack that had paralysed East African infrastructure just a week before.
Eight hours under siege
The DDoS attack, which lasted nearly eight hours, sought to overwhelm MTNโs voice and data services by flooding its network with malicious traffic from compromised computers across the globe.
โThe actors were targeting high-profile institutions to draw attention and demonstrate their capabilities,โ said Gideon Adekile, MTN Nigeriaโs General Manager for Information Security.
These distributed attack networks or botnetsโa network of privately owned computers secretly infected with malware and remotely controlled without their owners’ knowledgeโlaunched a massive flood of malicious data packets targeting MTN Nigeriaโs network. The goal was to overwhelm and disrupt services relied upon by more than 80 million subscribers nationwide.
The assault lasted nearly eight hours, with attackers constantly adapting their tactics in real-time to evade MTNโs defensesโa hallmark of a sophisticated DDoS campaign. This approach involves actively monitoring the attackโs impact and adjusting methods on the fly, such as switching from high-volume traffic floods to targeted application-layer strikes, randomising patterns to avoid detection, spoofing IP addresses, or mimicking legitimate user behavior. Despite these evolving tactics, MTN was prepared, according to Adekile.
โWe had our support partners and internal teams on alert,โ he said. โWe identified and dropped suspicious packets, optimised our firewalls, and contained the attack. When it became clear they couldnโt bring us down, they moved on.โ Apart from disrupting services during the duration of the attacks, MTN claimed no subscriber data was lost.
An expensive threat
While MTN successfully defended itself, DDoS attacks are a multi-billion-dollar problem globally. According to cybersecurity firm Cloudflare, the average cost of a successful DDoS attack can range from $20,000 to over $1 million, depending on the sector and severity. For telcos like MTN, the stakes are higher, given their role in national connectivity.
In many DDoS attacks, cybercriminals turn to extortion, demanding ransom payments with the threat of prolonging or escalating the assault. Faced with potential service outages and reputational damage, some companies choose to comply. Telecommunications and critical infrastructure providers across Africa have increasingly become prime targets. In early 2025, South Africaโs CO.ZA domain registry was hit, taking thousands of websites offline. Around the same time, Cameroonโs national power utility, Eneo, had to suspend parts of its operations after a major cyberattack, exposing the fragility of essential services across the continent.
Each successful incident emboldens attackers and fuels a cycle of repeated assaults.
โThey can keep you offline for weeks,โ said Shodunke, referencing recent East African cases where entire digital ecosystems were crippled for nearly two months. โThen they start making demandsโpay the ransom, release activists, or pressure governments. Thatโs the risk.โ
Why do they keep coming?
One of the reasons DDoS attacks persist is the ease with which attackers can build or rent botnets. Many internet users fail to secure their personal computers, unintentionally contributing to these attacks.
โMany people donโt know enough about basic internet hygiene,โ Adekile said. โTheir devices get compromised and are used in attacks like this.โ
This creates a dual challenge for companies like MTN: They must protect their systems while also monitoring networks to stop compromised devices from launching global attacks. โIf our IP space is identified as a threat source, we get blacklisted,โ Adekile explained. โThatโs bad for our customers, bad for our reputation.โ
Obadare noted that, unlike banks that embraced cybersecurity protection more than a decade ago, the telecom industry operators have vacillated and have not prioritised investment in cybersecurity.
โThey are now starting to subscribe to DDoS protection because the NCC is getting serious,โ Obadare said. โIt is not the same abroad because there are proper Service Level Agreements (SLAs), so operators prioritise their protection either on-site or you subscribe to a service protection provider.โ
The relentless digital arms race
MTN processes an average of 14 petabytes of data every day, positioning it as a prime target for cybercriminals. However, the attempted attack on August 2 demonstrated that the companyโs investments in cybersecurity were paying off.
In the first quarter of 2025, MTN Nigeria spent โฆ621 million (approximately $415,000) on security-related expenses, an increase from โฆ607 million ($406,000) during the same period in 2024.
These expenses cover efforts to safeguard the companyโs infrastructure, data, and subscribers from both physical and cyber threats, underscoring the scale and importance of its defense operations in a high-risk digital environment.
โThose threats are there every single day,โ said Shodunke. โWhat was good enough yesterday isnโt good enough today. We have to be relentless, always tweaking, upgrading, and adapting.โ
Cybersecurity, it turns out, is not a destination; itโs a moving target. The largest DDoS attack on MTN Nigeria may be over, but the war continues in the background, fought by people most customers will never see.
Mark your calendars! Moonshot by TechCabal is back in Lagos on October 15โ16! Join Africaโs top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% offโdonโt snooze! moonshot.techcabal.com
