WikiLeaks Faced Cyberattacks and State Blocking After Publishing Sensitive Leaks
WikiLeaks repeatedly faced disruption tied to high-profile disclosures, including attacks on its infrastructure and government-imposed access restrictions. In one earlier episode, the organization struggled to keep its site online as opponents targeted its domain and hosting arrangements, forcing it to shift providers and addresses to stay reachable. Years later, WikiLeaks said it came under a sustained attack after announcing plans to publish roughly 300,000 emails and 500,000 documents related to Turkey’s political power structure following the failed coup attempt.
After the Turkish document release, authorities in Turkey blocked access to WikiLeaks, escalating the confrontation from network pressure to direct censorship. In a separate but related controversy, WikiLeaks supporters claimed responsibility for the massive Dyn distributed denial-of-service incident that disrupted major U.S. websites, framing it as retaliation for Ecuador cutting Julian Assange’s internet access, but investigators and security researchers said there was not enough evidence to attribute the attack to them and pointed instead to Mirai-driven botnet activity involving internet-connected devices.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
WikiLeaks supporters claim Dyn attack was retaliation for Assange cutoff
Supporters of WikiLeaks, including people claiming affiliation with Anonymous and New World Hackers, said the Dyn attack was retaliation for Ecuador cutting Julian Assange's internet access. Security researchers and U.S. officials said there was not enough evidence to confirm that attribution.
Dyn hit by major DDoS causing widespread U.S. website outages
A large distributed denial-of-service attack struck DNS provider Dyn in three waves beginning shortly after 7 a.m. EST, disrupting access to major websites including Twitter, Spotify, and The New York Times across the United States. Dyn and researchers said Mirai botnet malware was involved, and DHS and the FBI began investigating.
Turkey blocks access to WikiLeaks after email dump
Turkish authorities blocked access to WikiLeaks after the publication of government-related emails. The move was reported as part of broader internet censorship and controls imposed in the coup aftermath.
WikiLeaks publishes AKP government email dump
WikiLeaks released a cache of Turkish government and AKP-related emails, prompting a rapid response from Turkish authorities. Reporting tied the release to tensions following the failed coup attempt earlier that month.
WikiLeaks reports sustained attack before Turkey document release
WikiLeaks said its website was under a sustained ongoing attack after announcing plans to publish documents about Turkey's political power structure. The group said it was preparing to release roughly 300,000 emails and 500,000 documents related to the aftermath of the failed Turkish coup.
SarahPAC reports DDoS attack amid Operation Payback backlash
Sarah Palin and her aides said SarahPAC's website was hit by a denial-of-service attack during the WikiLeaks-related Operation Payback campaign, and also claimed Sarah and Todd Palin's credit card accounts were compromised. Reports cited a developer who said the LOIC attack tool was used and that server logs contained a message referencing WikiLeaks and Anon_Ops, though attribution was disputed.
PayPal suspends WikiLeaks donation account amid cable leak backlash
PayPal permanently suspended WikiLeaks' donation account as pressure mounted after the publication of U.S. diplomatic cables. The report also said Amazon had stopped hosting WikiLeaks, EveryDNS had ceased directing traffic to the site, and WikiLeaks was facing denial-of-service attacks.
Amazon removes WikiLeaks from hosting over cable publication
Amazon stopped hosting WikiLeaks after the site published U.S. diplomatic cables, saying the organization violated its terms of service because it did not own the rights to the material and the release could endanger innocent people. After losing Amazon hosting, WikiLeaks also lost DNS support and was temporarily reachable only by IP address.
Australia's internet filter trial blocks some WikiLeaks pages
During Australia's trial of a mandatory internet filtering system, some WikiLeaks pages were reportedly added to the blacklist after WikiLeaks published a list of websites banned by the Danish government. The incident drew criticism because the filtering scheme had been presented as targeting illegal child abuse material, but appeared to include other controversial content.
Julius Baer injunction leads to temporary WikiLeaks domain takedown
Swiss bank Julius Baer obtained a U.S. court injunction that caused domain registrar Dynadot to remove the wikileaks.org domain, temporarily disrupting access to WikiLeaks. The move sparked backlash over internet censorship and drove wider distribution of the disputed banking documents through mirrors and direct IP access.
Sources
11 references tracked. Mallory keeps watching after this page renders.
Whistle while you work | Internet | The Guardian
theguardian.com
Open sourceWikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical - POLITICO
web.archive.org
Open sourceTurkey Blocks WikiLeaks After Dump of Government Emails
vice.com
Open sourceErdogan emails: Turkey blocks access to WikiLeaks after release of 300,000 secret government emails | The Independent | The Independent
independent.co.uk
Open sourceWikiLeaks hit by new online onslaught | The Independent | The Independent
independent.co.uk
Open sourceWikiLeaks Struggles to Keep a Step Ahead of Hackers - NYTimes.com
web.archive.org
Open sourceWikiLeaks got kicked off Amazon on purpose, says Assange - CNET
cnet.com
Open sourceAussie firewall blocks Wikileaks • The Register
web.archive.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Anonymous Expanded Operation Payback From Anti-Piracy Targets to WikiLeaks Backers
Anonymous used **distributed denial-of-service (DDoS)** attacks under the banner of **Operation Payback** to hit anti-piracy groups and related legal entities including the **RIAA, MPAA, BPI, AFACT, BREIN, Websheriff**, and the law firm **Dunlap, Grubb and Weaver**. The campaign escalated after the shutdown of LimeWire, with Anonymous publicly planning another attack on the RIAA and portraying the action as retaliation against copyright enforcement. Earlier attacks also coincided with the takedown of **ACS:Law**, where hundreds of megabytes of internal emails were exposed after the firm was knocked offline. The operation later widened into a pro-WikiLeaks campaign branded **Operation Avenge Assange** after **PayPal, Visa, MasterCard, and Amazon** cut services to WikiLeaks following the publication of US diplomatic cables. Anonymous launched prolonged attacks that disrupted PayPal and targeted other firms seen as censoring WikiLeaks, while police in the UK opened investigations, monitored threats against government sites, and examined the use of the **Low Orbit Ion Cannon** by participants. The campaign showed how Anonymous evolved from anti-piracy retaliation into politically motivated online disruption aimed at organizations viewed as restricting access, speech, or digital distribution.
May 25, 2026
High-Profile Cyber Incidents Expose Weak Security and Disrupt Critical Services
A series of high-profile cyber incidents disrupted major online platforms, exposed weak security practices, and highlighted the broad impact of both criminal and activist hacking. A global ransomware outbreak later identified as **WannaCry** spread rapidly across organizations before a security researcher slowed it by registering a domain used as a kill switch, while a separate attack briefly knocked major websites offline through distributed denial-of-service activity. In another major case, hackers compromised prominent US Twitter accounts and used them to promote a Bitcoin scam, demonstrating how access to trusted platforms can be weaponized at scale. Other incidents underscored persistent failures in account security and access control. Equifax faced scrutiny after an Argentine employee portal was reportedly protected with the username and password **`admin`**, adding to concerns around the company’s security posture. Apple said some user accounts had been compromised while denying a broader breach of its systems, and the celebrity photo leak known as **“the fappening”** showed how attackers could exploit personal account weaknesses. Separately, US authorities linked Julian Assange to alleged conspiracy with Anonymous-affiliated hackers, activist campaigns targeted recording industry websites, and the Colonial Pipeline ransomware case showed how an intrusion into a critical fuel operator could trigger widespread operational disruption even when attackers later claimed they had not intended such consequences.
May 25, 2026
4chan Suffers Major Cyberattacks From DDoS Disruption to Database Breach
4chan has repeatedly been hit by major cyberattacks, including a large-scale **distributed denial-of-service** campaign that knocked the site offline or made it intermittently unreachable for nearly a day amid fallout from Anonymous-linked pro-WikiLeaks operations. Reporting at the time said the outage resembled attacks that had recently struck **Mastercard, Visa, and PayPal**, and Netcraft confirmed the disruption was severe before partial recovery began. Separate reporting on broader internet outages and high-profile DDoS incidents, including the record attack on **KrebsOnSecurity** and claims by WikiLeaks that its supporters were involved in a massive attack, underscored the wider hacktivist and botnet-driven environment surrounding such disruptions. In a later and more damaging incident, 4chan said it was forced into a nearly two-week shutdown after a **catastrophic database attack** that compromised source code, multiple databases, and a critical server, while also exposing personal information tied to moderators and many users. The site said attackers vandalized systems and that recovery was slowed by aging code, weak infrastructure, limited funding, and a shortage of skilled staff. When service returned, core functions remained restricted, with posting and image uploads still unavailable, the `/f/` board permanently removed because of `.swf`-related exploit risk, and PDF uploads temporarily disabled as administrators rebuilt the platform.
May 30, 2026