OpAfrica Update - March 2016

March 9, 2016 02:00 PM

The hacktivist group Anonymous is back, this time fighting corruption across the continent of Africa. #OpAfrica is an operation run by several hacktivists within Anonymous who are focused on targeting corporations and government that "enable and perpetuate corruption on the African continent"

Download a Copy Now


The hacktivist group Anonymous has upped the ante in its cyber-assault against corporations and government that "enable and perpetuate corruption on the African continent." Since Radware's previous ERT alert on February 16, 2016, the OpAfrica operation has grown and the need for further DDoS prevention will be needed with the assistance of DDoS attacks from a collection of Anonymous-affiliated groups, including the hacktivist group, New World Hackers (see Figure 1), Team Hack Argentino, and others.


OpAfrica is an Anonymous operation that is focused on fighting corruption, child abuse and internet censorship across the continent. Since the launch of the operation in February, Anonymous has targeted the governments of Rwanda, Uganda, South Africa, Tanzania, Zimbabwe and Sudan with defacements, data dumps and massive DDoS attacks. As predicted in the previous ERT Alert, DDoS prevention is needed as Anonymous has issued an expanded target list for the second phase of the operation, claiming they will not stop anytime soon.

Figure 1: New World Hackers claim support for OpAfrica

Upon joining, New World Hackers attacked the DNS server portals for a number of government sites in South Africa (see Figure 2), resulting in outages for the following:

  • gov.za
  • capetown.gov.za
  • News.co.za
  • dod.mil.za
  • treasury.gov.za
  • entenders.gov.za
  • icd.gov.za
  • weterncape.gov.za
  • educationweek.co.za

Figure 2: New World Hackers down gov.za

Operation Information


  • World Hacker Team
  • New World Hackers
  • Team Hack Argentino
  • Hanom1960
  • Greater Anonymous collective



  • irc.cyberguerrilla.org Port 6697
  • webchat.cyberguerrilla.org


  • #Hack_Africa / #OpSouthAfrica


  • https://vimeo.com/153705229


  • @OpAfricaHQ (Update)

Original Target List

  • Rwanda Government
  • Uganda Government
  • South Africa Government
  • Zimbabwe Government
  • Tanzania Government
  • Sudan and South Sudan Government
  • Ethiopia Government

Updated Target List

  • World Hacker Team
  • New World Hackers
  • Team Hack Argentino
  • Hanom1960
  • Greater Anonymous collective

Recently Targeted ii

  • Rwanda Government IT – World Hacker Team (WHT)
  • South African Government Communication and Information System (GCIS) – WHT
  • South African Department of Water Affairs – WHT
  • Tanzania Telecommunications Company LTD – WHT
  • vreport.co.za – WHT
  • A staggering 2,532 South African websites – Team Hack Argentino – Tobitow
  • Parliament of Malawi – LulzSec
  • Central Bank of Nigeria – LulzSec
  • Government of Zimbabwe's Network – LulzSec
  • Uganda Revenue Authority – LulzSec
  • Seed Marketing Co. – New World Hackers
  • Assembly of Niger – NWH
  • BokoHaram.net – NWH

Figure 3: Deface of meteo.go.ke by Hanom1960

Figure 4: Image used on defaced sites for OpAfrica

Reasons for Concern

Many sites suffered SQL injections, data dumps and service outages caused by network crippling DDoS attacks. OpAfrica is expected to continue as it enters the second phase of operations, moving on to their next targets. These targets can expect to experience similar attacks to those used during the first phase. Radware also expects to see a new target list in the future and the continued support from the greater Anonymous collective.

Effective DDoS Prevention Considerations

Enterprises and government agencies should consider a comprehensive DDoS prevention system to detect and mitigate multi-vector, volumetric denial of service, and Web application attacks. Enterprises should monitor security alerts and examine triggers carefully. Tune existing policies and DDoS prevention techniques to prevent false positives and allow identification of real threats if and when they occur.

Here are several considerations for a seamless security solution:

  • A hybrid solution that includes on premise detection and DDoS mitigation with cloud-based protection for volumetric attacks. This provides quick detection, immediate mitigation and protects networks from volumetric attacks that aim to saturate the Internet pipe.
  • A Web application security protection solution via a Web Application Firewall (WAF) or a cloud WAF service, that can protect against sophisticated web-based attacks and website intrusions to prevent defacement and information theft.
  • An integrated, synchronized DDoS prevention solution that can protect from multi-vector attacks combining DDoS with web-based exploits such as website scraping, Brute Force and HTTP floods.
  • A cyber security emergency response plan that includes an emergency response team and process in place. Identify areas where help is needed from a third party.

Additional important DDoS prevention considerations when choosing a solution to defend from web-based attacks:

  • IP-agnostic device fingerprinting – Having the ability to detect attacks beyond source-IP using by developing a device fingerprint that enables precise activity tracking over time
  • Automatic and real time generation of policies to protect from 0-day, unknown attacks
  • Shortest time from deployment to security

Need Expert Emergency Assistance?

Radware offers a full range of DDoS prevention solutions to help networks properly mitigate attacks similar to these. Our attack mitigation solutions provide a set of patented and integrated technologies designed to detect, mitigate and report todays most advanced DDoS attacks and cyber threats. With dedicated hardware, fully managed services and cloud solutions that offer the best DDoS protection against DDoS attacks, Radware can help ensure service availability. To understand how Radware's attack mitigation and DDoS prevention solutions can better protect your network contact us today.

  • ihttps://www.cyberguerrilla.org/blog/operation_africa_phase_two/
  • ii https://ghostbin.com/paste/8795b

Click here to download a copy of the ERT Threat Alert.

Download Now

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center