July 28, 2023, updated 31 Jul 2023 8:42am

Anonymous Sudan DDoS cyberattacks cripple Kenya’s new e-Citizen digital infrastructure

DDoS attacks from the supposedly Sudanese hackers have disrupted the Kenyan economy this week, and worse could be still to come.

By Matthew Gooding

Hacktivist group Anonymous Sudan has launched a sustained barrage of distributed denial of service (DDoS) cyberattacks against online services in Kenya this week, and is promising that the worst is yet to come. The attacks have left citizens and businesses without access to critical programmes on the country’s e-Citizen platform, it has been reported, and come just weeks after the Kenyan government expanded e-Citizen to make 5,000 government services available on the portal.

Businesses in Nairobi, Kenya’s capital, have felt the force of Anonymous Sudan DDoS cyberattacks. (Photo by Sopotnicki/Shutterstock)

Anonymous Sudan, which claims to be a group of extremists operating out of Sudan but is actually thought to be a Russian cybercrime gang in disguise, said on its Telegram channel today that the attacks will ramp up in the coming hours. “We will start attacking Kenya again… but the biggest attack will come after Friday prayers,” the group wrote.

How Anonymous Sudan DDoS attacks crippled Kenya

While hackers often make big proclamations and do not follow through on them, it is fair to say Anonymous Sudan has already caused considerable chaos in Kenya.

Kenyans have apparently been unable to access services such as buying electricity tokens, while businesses and citizens have been unable to make payments via the M-Pesa mobile transaction system, which has been hit by outages as part of the cyberattack. M-Pesa, which is operated by Kenya’s Safaricom in partnership with Vodafone, processed 26 billion transactions in the year to the end of March 2023.

Government services on Kenya’s e-Citizen platform have also been impacted, meaning services such as visa applications and business registrations have been unavailable. The country’s rail network was hit too, with a network outage at an IT supplier causing ticketing issues.

The Kenyan government says no personal data has been compromised, and that e-Citizen is back up and running, though some users on social media are still reporting time-out messages.

“The attack on the e-Citizen platform involved an unsuccessful attempt to overload the system with extraordinary requests with the intention of clogging the system, but our technical teams blocked the source IP address from which the requests originated,” Kenya’s ICT cabinet secretary Eliud Owalo said. “However, as a result of the attack efforts, the system is experiencing intermittent interruptions that are affecting the normal speed of access to services on the platform. We will shortly return to optimal utilisation levels.”

Anonymous Sudan’s attack comes just weeks after the e-Citizen platform was expanded to cover 5,000 additional government services. The Kenyan government was keen to expand the platform to give Kenyans easier access to government departments and to help eliminate corruption.

Kenya is not the first country to be targeted by hackers. Last year, Costa Rica’s government saw its IT infrastructure crippled by a ransomware attack from the Russian gang Conti, leading to widespread disruption, while the Pacific island of Vanuatu also suffered at the hands of hackers.

Anonymous Sudan continues barrage of attacks

Anonymous Sudan claimed on Telegram that its attacks on Kenya are in support of the Sudanese government because officials in Nairobi “released statements doubting the sovereignty of [the Sudanese] government.” Kenya’s president William Ruto has been put forward to lead a mediation group as part of efforts to end the ongoing civil conflict in Sudan.

However, security researchers believe the hackers are more likely to emanate from Russia and are engaged in a campaign to cause havoc for the US and other allies of Ukraine with a series of low-skill but disruptive DDoS attacks, which overwhelm servers and often cause them to fail.

In recent months, the gang has hit Microsoft, taking down Office 365 services for several hours, and US fan fiction website AO3, and has threatened PayPal and the Israeli government.

It also joined forces with two Russian gangs, Killnet and REvil, to threaten attacks on the global financial system, though no such breaches were publicly disclosed.
