Kenya’s government has been fighting off a huge cyber-attack
Since almost a week ago, Kenya’s government has been fighting a massive cyber-attack that has affected its online services.
A number of private companies have also been affected by the attack, although the extent of the damage has not yet been determined.
Still, it is unclear who was behind it and what the motive was.
A cyber-attack on the eCitizen portal, which offers over 5,000 government services to the public, has been confirmed by the government.
The difficulties accessing services on the portal had been reported for several days, including:
Renewals and applications for passports
Foreigners visiting the country can obtain e-visas
The issuance of driving licenses, identification cards, and national health records
Due to the challenges with the eCitizen system, the government had to promise visas on arrival to visitors who qualified for e-visas.
Electricity payment systems and train booking systems were also disrupted.
Also affected were mobile-money banking services, as well as payments made at shops, public transportation vehicles, hotels, and other locations using M-Pesa, a popular mobile-money platform.
Safaricom, which operates the service, has not officially commented, and it is unclear whether the hack affected them.
People have been encouraged to use online government services, and this, coupled with widespread adoption of mobile money payments, meant many Kenyans felt the impact of the attack.
Approximately 76% of Kenyans use mobile money, and 67% use mobile internet.
Information, Communication and Digital Economy Minister Eliud Owalo confirmed the attack, but stressed that no data had been accessed or lost.
On Friday, ministry officials met with private sector players to discuss cyber security issues, although it’s unclear whether the meeting was triggered by the attack or preplanned.
However, intermittent interruptions continue to affect the speed and access to online services despite efforts to block the source of the attack.
Anonymous Sudan has claimed responsibility for the attack.
Described as Sudanese cyber-warriors and vowing to attack anyone who interferes in Sudan’s internal affairs, the group may have links to Russia.
In addition to supporting Russia, the group has become an affiliate of the pro-Russian hacking group Killnet. According to the company, it has no connection to the famous international hacktivist collective Anonymous.
A group called Anonymous Sudan emerged in January this year and has become extremely prolific, committing disruptive, albeit not sophisticated, attacks on a regular basis.
A warning of an impending attack on Kenyan systems was posted on Sunday on the group’s Telegram channel.
The attack was sparked by Kenya’s meddling in Sudanese affairs and its statements doubting the government’s sovereignty.
Sudanese authorities have repeatedly rejected Kenyan President William Ruto’s attempts to mediate in the conflict between the Sudanese military and the paramilitary Rapid Support Forces (RSF).
A video showing a Sudanese general taunting President Ruto and the Kenyan army went viral last week.
A member of parliament from Mr Ruto’s party then recorded a video hitting back at the general, which was widely shared as well.
A member of Anonymous Sudan and a cyber researcher called IntelCocktail were interviewed Cyber Correspondent Joe Tidy over Telegram last week.
Russian links were denied by the group.
“Those claims are all false; we sometimes write in Russian because there are many Russian members in our channel,” the spokesperson said.
A report released earlier this year by cyber-security provider Truesec revealed that Anonymous Sudan’s Telegram account lists its user location as Russia.
Cyber-security companies like Mandiant and Trustwave suggest that the group might be associated with or working for the Kremlin, but neither company has proven it.
Cyber-security expert Nathaniel Allen of the Africa Center for Strategic Studies told that it was unquestionably a pro-Russian hacker group and didn’t appear to have any links to Sudan.
According to him, its “tools, techniques, and practices mirror those of other Russian hacking groups. The group appears to have targeted mostly Western or West-aligned countries and governments. It does not appear to have attacked any Russian targets.”
A group supporting the Kremlin declared its support for the Kremlin in June during the Wagner mutiny.
In their words: “We don’t care about Russian affairs, but we wanted to repay Russians for their support.”
In his interview, Joe Tidy said he couldn’t draw any firm conclusions about the group’s true identity.