Hacktivist group Anonymous Sudan has launched a sustained barrage of distributed denial of service (DDoS) cyberattacks against online services in Kenya this week, and is promising that the worst is yet to come. The attacks have left citizens and businesses without access to critical programmes on the country’s e-Citizen platform, it has been reported, and come just weeks after the Kenyan government expanded e-Citizen to make 5,000 government services available on the portal.
Anonymous Sudan, which claims to be a group of extremists operating out of Sudan but is actually thought to be a Russian cybercrime gang in disguise, said on its Telegram channel today that the attacks will ramp up in the coming hours. “We will start attacking Kenya again… but the biggest attack will come after Friday prayers,” the group wrote.
How Anonymous Sudan DDoS attacks crippled Kenya
While hackers often make big proclamations and do not follow through on them, it is fair to say Anonymous Sudan has already caused considerable chaos in Kenya.
Kenyans have apparently been unable to access services such as buying electricity tokens, while businesses and citizens have been unable to make payments via the M-Pesa mobile transaction system, which has been hit by outages as part of the cyberattack. M-Pesa, which is operated by Kenya’s Safaricom in partnership with Vodafone, processed 26 billion transactions in the year to the end of March 2023.
Government services on Kenya’s e-Citizen platform have also been impacted, meaning services such as visa applications and business registrations have been unavailable. The country’s rail network was hit too, with a network outage at an IT supplier causing ticketing issues.
The Kenyan government says no personal data has been compromised, and that e-Citizen is back up and running, though some users on social media are still reporting time-out messages.
“The attack on the e-Citizen platform involved an unsuccessful attempt to overload the system with extraordinary requests with the intention of clogging the system, but our technical teams blocked the source IP address from which the requests originated,” Kenya’s ICT cabinet secretary Eliud Owalo said. “However, as a result of the attack efforts, the system is experiencing intermittent interruptions that are affecting the normal speed of access to services on the platform. We will shortly return to optimal utilisation levels.”
Anonymous Sudan’s attack comes just weeks after the e-Citizen platform was expanded to cover 5,000 additional government services. The Kenyan government was keen to expand the platform to give Kenyans easier access to government departments and to help eliminate corruption.
Kenya is not the first country to be targeted by hackers. Last year, Costa Rica’s government saw its IT infrastructure crippled by a ransomware attack from the Russian gang Conti, leading to widespread disruption, while the Pacific island of Vanuatu also suffered at the hands of hackers.
Anonymous Sudan continues barrage of attacks
Anonymous Sudan claimed on Telegram that its attacks on Kenya are in support of the Sudanese government because officials in Nairobi “released statements doubting the sovereignty of [the Sudanese] government.” Kenya’s president William Ruto has been put forward to lead a mediation group as part of efforts to end the ongoing civil conflict in Sudan.
However, security researchers believe the hackers are more likely to emanate from Russia and are engaged in a campaign to cause havoc for the US and other allies of Ukraine with a series of low-skill but disruptive DDoS attacks, which overwhelm servers and often cause them to fail.
In recent months, the gang has hit Microsoft, taking down Office 365 services for several hours, as well as US fan fiction website AO3, and has threatened PayPal and the Israeli government.
It also joined forces with two Russian gangs, Killnet and REvil, to threaten attacks on the global financial system, though no such breaches were publicly disclosed.