Kenyan Gov’t Acknowledges “Anynonymous Sudan” Attacks

The Kenyan Ministry of ICT and Digital Economy has refuted claims that the e-citizen portal, offering over 5,000 government services, was hacked after facing service outages.

The outage of critical services on the e-citizen platform occurred after Anonymous Sudan, a hacking group, recently issued a warning to the Kenyan government and private organisations, claiming to have successfully penetrated their websites and intending to disrupt services on the affected platforms.

The group stated, “We have targeted most backend network infrastructure of Kenya. Most websites will encounter problems. We cannot reveal the details of the attack, but we’re certain this attack has harmed their infrastructure a lot and they know this very well,” in a post on their Telegram group.

However, the Ministry, in a statement released last Thursday, acknowledged that there had been attempts of cyber-attacks over the past week targeting both government and private sectors, which they deemed “unsuccessful.”

“The e-Citizen portal was among the targets, but the attack only involved an unsuccessful attempt to overload the system through extraordinary requests, which the technical teams promptly blocked by identifying the source IP address,” Eluid Owallo, ICT Cabinet Secretary.

As a result of the attacks, Owallo explained that the system has been experiencing intermittent interruptions, affecting the speed of accessing services on the platform. He, however, noted the attempts to interrupt the system have been successfully repelled by the existing security systems and applications in place and would return to optimal utilization levels shortly.

The issues did not solely affect the e-citizen platform, as Kenyans also reported difficulties using Safaricom and Mpesa application services on 27 July 2023. Users also reported issues transferring money from their bank accounts to their mobile wallets, and buying electricity tokens from Kenya Power.

Standard Chartered Bank Kenya, which was among the banks whose digital banking systems were compromised by the attacks issued a notice to customers informing them of the unavailability of online services.

“Our banking/SC mobile app bank to M-PESA and mobile banking *722# services are unavailable. Our ATMs/Cash deposit machines remain available,” the bank stated.

One reason why Anonymous Sudan’s campaigns are effective is they target “layer 7,” or the application layer, of victims’ internet infrastructure — that’s where web servers receive input from users and, in a computationally draining process, serve content in response, according to Charl van der Walt, head of cybersecurity research for Orange Cyberdefense, part of the French telecom Orange SA told Bloomberg.

The motive behind the attack was linked to President William Ruto’s call for the deployment of peacekeepers to Sudan, whose population is largely Muslims, to intervene in the ongoing conflict between the Sudanese army and paramilitary Rapid Support Forces (RFS). However, the Sudanese army has consistently rejected the Kenyan-led initiative, accusing the regional power of supporting the RFS.

The group Anonymous Sudan claims to be conducting cyber strikes in Africa on behalf of oppressed Muslims worldwide. The group has previously taken responsibility for distributed denial of service (DDoS) attacks on government websites and technology firms in several countries, including Sweden, Israel, and now Kenya.