Cyber Incident Victim: Republic of Angola
Date:
Mar 2016
Location:
Angola
Summary
Anonymous Portugal launched cyber-attacks against government websites in retaliation for the imprisonment of 17 activists who had peacefully campaigned for political change. The collective targeted multiple official sites, causing disruptions including downtime and defacement with protest messages, while also leaking databases from unrelated platforms. This retaliation followed the activists' sentencing—ranging from two to eight years—after their arrest during a book club discussion on non-violent resistance, which authorities deemed subversive. The hackers initially listed 28 government targets before expanding to 83, framing the operation as a response to what they condemned as unjust persecution of dissenters.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The incident stemmed from the Angolan government's sentencing of 17 activists on March 29, 2016, following their arrest in June 2015 during a book club meeting where they discussed non-violent protest methods. These activists, including prominent rapper Luaty Beirao, had organized peaceful demonstrations calling for President Jose Eduardo dos Santos—in power since 1979—to resign. The court issued prison terms ranging from two to eight years, a decision widely condemned as politically motivated. An additional individual received an eight-month sentence for shouting "travesty of justice" during the trial. The verdict triggered immediate backlash from Anonymous Portugal, which publicly announced retaliatory cyber operations against Angolan government entities the same day.
Anonymous Portugal initiated distributed denial-of-service (DDoS) attacks and website defacements against 28 identified government targets starting March 30, causing significant downtime for multiple sites. On March 31, the group escalated operations by expanding its target list to 83 websites and exfiltrating databases from compromised systems, including some unrelated to government operations. Attack methods included replacing official website content with protest messages supporting the activists. The collective framed these actions as direct retaliation for the judicial persecution of dissenters, emphasizing demands for political reform. The attacks disrupted digital services across multiple government domains, though specific technical details of intrusion vectors were not disclosed in available reporting. Database leaks suggested broader collateral impact beyond intended governmental systems.