The hacktivist group Anonymous Sudan carried out a series of distributed denial of service (DDoS) cyber attacks against online services in Kenya on 28 July 2023, leaving citizens and businesses without access to essential programmes on the country's e-Citizen platform. Anonymous Sudan claims to be a group of Sudanese extremists, but security researchers believe it is actually a Russian cybercrime gang in disguise.
These attacks affected services such as the purchase of electricity tokens and payments via the M-Pesa mobile transaction system. In addition, government services on the e-Citizen platform, including visa applications and business registrations, were impacted. The country's rail network also experienced ticketing problems due to a network failure at an IT supplier.
The Kenyan government responded by blocking the source IP address behind the attack requests, but intermittent interruptions persisted for several hours. To date, Anonymous Sudan's motives remain unclear, but the group has claimed that the attacks are in support of the Sudanese government in response to statements by Kenyan government officials questioning Sudan's sovereignty.
It should be noted that Kenya is not the first country to be targeted by such attacks. The threat is growing in the sub-region and in Africa in general, and represents a cyber-handicap for national infrastructures and government services on a global scale.
It is crucial for the Kenyan authorities to take steps to strengthen their cyber security and protect critical infrastructure from such attacks in the future.