On August 2, 2023, MTN Nigeria, the country’s largest telecom operator, became the target of one of the most extensive Distributed Denial of Service (DDoS) attacks ever recorded against a corporate entity in West Africa. The cyberattack, claimed by the notorious hacktivist group Anonymous Sudan, tested the company’s cybersecurity infrastructure and highlighted the growing threat of coordinated digital assaults across the continent.
This was not an isolated event. Days earlier, on July 27 and 28, Kenya had been rocked by a wave of DDoS attacks that crippled public and private systems: the government’s eCitizen portal went offline, Kenya Power and Lighting’s prepaid token system was disrupted, and access to banks, hospitals, and even M-Pesa, East Africa’s dominant mobile money service, was severely compromised. Tanzania and other nations soon followed. A pattern was forming, and MTN Nigeria knew they might be next.
Shoyinka Shodunke, MTN Nigeria’s Chief Information Officer, recalled the warning signs. “It was not just limited to Nigeria. There had been attacks going on in Kenya, Tanzania, and a whole lot of other African countries,” he told in an interview. “We predicted they might shift to Nigeria.”
Anonymous Sudan also launched similar DDoS attacks in Uganda on February 6, 2024, targeting Airtel, MTN, and Uganda Telecom.
With early warning indicators in sight, MTN Nigeria activated its internal security protocols. While the company did not disclose specific details, the telecom industry’s best practices for defending against Distributed Denial-of-Service (DDoS) attacks typically involve a multi-layered, defense-in-depth strategy. This approach combines proactive monitoring, intelligent traffic filtering, and automated mitigation systems. It begins with constant network traffic surveillance, leveraging AI and machine learning tools to detect anomalies—such as sudden traffic spikes or irregular patterns—that could signal an attack.
Upon detection, operators often scale up bandwidth to absorb the surge, apply rate limiting and access control lists (ACLs) to block suspicious traffic, and deploy cloud-based DDoS mitigation services to filter out malicious data before it reaches core systems.
“DDoS is like the low-hanging fruit for most organisations if they are not prepared,” said Peter Obadare, a Professor of Practice in Cybersecurity, Miva Open University. “ The truth is, if hackers can’t get in, they use a DDoS attack. They flood your system or network with overwhelming traffic from multiple sources, making it difficult to distinguish between legitimate and malicious requests. The goal is to exhaust the system’s resources, making it unavailable to users.
As part of its coordinated response, MTN Nigeria promptly alerted key government and industry stakeholders, including the Office of the National Security Adviser (ONSA), the Nigerian Communications Commission (NCC), and the Ministry of Communications, Innovation and Digital Economy, about the imminent threat. However, before full defensive measures could be deployed across the ecosystem, the first signs of network disruption began to surface.
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack occurs when malicious actors flood a server or network with excessive traffic from multiple sources, often hijacked computers known as “zombies” or “botnets,” to the point where legitimate users are unable to access the service. It’s the digital equivalent of hundreds of thousands of people trying to enter a building at once, overwhelming the entrances until even employees can’t get inside.
These attacks are rarely random. They are often motivated by geopolitical tension, cyber extortion, or attempts to send political messages. In the case of MTN Nigeria, it was likely a continuation of the same state-linked cyber attack that had paralysed East African infrastructure just a week before.
Eight hours under siege
The DDoS attack, which lasted nearly eight hours, sought to overwhelm MTN’s voice and data services by flooding its network with malicious traffic from compromised computers across the globe.
“The actors were targeting high-profile institutions to draw attention and demonstrate their capabilities,” said Gideon Adekile, MTN Nigeria’s General Manager for Information Security.
These distributed attack networks or botnets—a network of privately owned computers secretly infected with malware and remotely controlled without their owners’ knowledge—launched a massive flood of malicious data packets targeting MTN Nigeria’s network. The goal was to overwhelm and disrupt services relied upon by more than 80 million subscribers nationwide.
The assault lasted nearly eight hours, with attackers constantly adapting their tactics in real-time to evade MTN’s defenses—a hallmark of a sophisticated DDoS campaign. This approach involves actively monitoring the attack’s impact and adjusting methods on the fly, such as switching from high-volume traffic floods to targeted application-layer strikes, randomising patterns to avoid detection, spoofing IP addresses, or mimicking legitimate user behavior. Despite these evolving tactics, MTN was prepared, according to Adekile.
“We had our support partners and internal teams on alert,” he said. “We identified and dropped suspicious packets, optimised our firewalls, and contained the attack. When it became clear they couldn’t bring us down, they moved on.” Apart from disrupting services during the duration of the attacks, MTN claimed no subscriber data was lost.
An expensive threat
While MTN successfully defended itself, DDoS attacks are a multi-billion-dollar problem globally. According to cybersecurity firm Cloudflare, the average cost of a successful DDoS attack can range from $20,000 to over $1 million, depending on the sector and severity. For telcos like MTN, the stakes are higher, given their role in national connectivity.
In many DDoS attacks, cybercriminals turn to extortion, demanding ransom payments with the threat of prolonging or escalating the assault. Faced with potential service outages and reputational damage, some companies choose to comply. Telecommunications and critical infrastructure providers across Africa have increasingly become prime targets. In early 2025, South Africa’s CO.ZA domain registry was hit, taking thousands of websites offline. Around the same time, Cameroon’s national power utility, Eneo, had to suspend parts of its operations after a major cyberattack, exposing the fragility of essential services across the continent.
Each successful incident emboldens attackers and fuels a cycle of repeated assaults.
“They can keep you offline for weeks,” said Shodunke, referencing recent East African cases where entire digital ecosystems were crippled for nearly two months. “Then they start making demands—pay the ransom, release activists, or pressure governments. That’s the risk.”
Why do they keep coming?
One of the reasons DDoS attacks persist is the ease with which attackers can build or rent botnets. Many internet users fail to secure their personal computers, unintentionally contributing to these attacks.
“Many people don’t know enough about basic internet hygiene,” Adekile said. “Their devices get compromised and are used in attacks like this.”
This creates a dual challenge for companies like MTN: They must protect their systems while also monitoring networks to stop compromised devices from launching global attacks. “If our IP space is identified as a threat source, we get blacklisted,” Adekile explained. “That’s bad for our customers, bad for our reputation.”
Obadare noted that, unlike banks that embraced cybersecurity protection more than a decade ago, the telecom industry operators have vacillated and have not prioritised investment in cybersecurity.
“They are now starting to subscribe to DDoS protection because the NCC is getting serious,” Obadare said. “It is not the same abroad because there are proper Service Level Agreements (SLAs), so operators prioritise their protection either on-site or you subscribe to a service protection provider.”
The relentless digital arms race
MTN processes an average of 14 petabytes of data every day, positioning it as a prime target for cybercriminals. However, the attempted attack on August 2 demonstrated that the company’s investments in cybersecurity were paying off.
In the first quarter of 2025, MTN Nigeria spent ₦621 million (approximately $415,000) on security-related expenses, an increase from ₦607 million ($406,000) during the same period in 2024.
These expenses cover efforts to safeguard the company’s infrastructure, data, and subscribers from both physical and cyber threats, underscoring the scale and importance of its defense operations in a high-risk digital environment.
“Those threats are there every single day,” said Shodunke. “What was good enough yesterday isn’t good enough today. We have to be relentless, always tweaking, upgrading, and adapting.”
Cybersecurity, it turns out, is not a destination; it’s a moving target. The largest DDoS attack on MTN Nigeria may be over, but the war continues in the background, fought by people most customers will never see.
Mark your calendars! Moonshot by is back in Lagos on October 15–16! Join Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Early bird tickets now 20% off—don’t snooze! moonshot..com
