eCitizen Anonymous Sudan DDoS attack

Beginning on 23 July 2023, the pro-Russian hacktivist group Anonymous Sudan launched a sustained distributed denial-of-service (DDoS) campaign against eCitizen, the unified portal through which the Kenyan government had just consolidated roughly 5,000 public services. Within days, ordinary Kenyans found they could not pay for electricity, move money, or apply for travel documents.

What happened

Weeks earlier, Kenya had routed thousands of government services — and their payments — through a single eCitizen gateway. That consolidation made the portal enormously convenient and a single point of failure. Anonymous Sudan exploited exactly that, flooding the platform with what ICT Cabinet Secretary Eliud Owalo described as "extraordinary requests" designed to overwhelm and clog the system.

The attack rippled far beyond eCitizen. Affected services reportedly included:

M-Pesa, the mobile-money backbone operated by Safaricom, with bank-to-wallet transfers and USSD transactions failing intermittently.
Kenya Power electricity-token purchases, leaving households unable to top up prepaid meters.
Visa and immigration processing, prompting emergency visa-on-arrival measures.
Rail ticketing, business registration, university and hospital websites, and major media outlets.

Government response

Kenyan technical teams blocked the offending source IP addresses, though intermittent disruption persisted for several days. Owalo publicly confirmed that no data was accessed or stolen — consistent with a DDoS, which floods availability rather than breaching confidentiality. The government framed the incident as a resilience failure to be hardened rather than a data breach.

Attribution and motive

Anonymous Sudan claimed the campaign was retaliation for Kenyan statements it said cast doubt on the sovereignty of Sudan's government, amid Nairobi's mediation role in the Sudanese civil war. Security researchers widely assess that, despite its name and stated cause, the group operates as a pro-Russian outfit with ties to broader Kremlin-aligned hacktivist networks, specialising in disruptive, low-sophistication DDoS attacks against Western allies and their partners.

Why it matters

The eCitizen attack is a cautionary tale about digital-government centralisation. Funnelling 5,000 services and their payment rails through one portal delivered efficiency but created a target whose disruption cascaded across finance, energy, transport and immigration simultaneously. It pushed Kenya — and other rapidly-digitising African states — to invest in DDoS mitigation, traffic scrubbing and redundancy for critical-information infrastructure, and it showcased how a relatively unsophisticated hacktivist group can paralyse a nation's daily life by attacking availability alone.

Timeline

June 1, 2023

Kenya migrates roughly 5,000 government services onto a single eCitizen payment gateway, concentrating access in one platform.

July 23, 2023

Anonymous Sudan begins a sustained DDoS barrage against eCitizen and other Kenyan online services.

July 26, 2023

M-Pesa, Kenya Power token purchases, rail ticketing and visa services suffer intermittent outages as the attack intensifies.

July 27, 2023

ICT Cabinet Secretary Eliud Owalo acknowledges the attack, says no data was lost, and reports source IPs are being blocked.

July 28, 2023

Anonymous Sudan threatens to escalate after Friday prayers; the government deploys emergency visa-on-arrival procedures.

Sources

techmonitor.aihttps://www.techmonitor.ai/technology/cybersecurity/anonymous-sudan-kenya-ddos-cyberattack-ecitizen

techcabal.comhttps://techcabal.com/2023/07/27/pro-sudan-hackers-attack-digital-services-in-kenya/

theeastafrican.co.kehttps://www.theeastafrican.co.ke/tea/news/east-africa/services-unavailable-as-kenya-grappled-with-cyberattack-4318812

cipit.strathmore.eduhttps://cipit.strathmore.edu/kenyas-digital-infrastructure-under-threat-a-look-at-anonymous-sudans-thwarted-cyberattack-attempt-and-its-implications-for-kenyas-digital-systems/

Related incidents

DDoSResolvedApril 27, 2007

2007 cyberattacks on Estonia

A three-week wave of distributed denial-of-service attacks crippled Estonian government, banking, and media websites amid a dispute with Russia, becoming the first cyber assault on an entire nation-state and the birthplace of NATO's cyber-defence doctrine.

Victim: Republic of Estonia (government, banks, media)

Data breachinvestigatingJanuary 31, 2025

Business Registration Service data breach

Attackers exfiltrated Kenya's national company-registry data from the Business Registration Service — including ownership and beneficial-owner records touching President Ruto and the Kenyatta family's firms — and offered it for sale on the dark web.

Victim: Business Registration Service (BRS)

DDoSResolvedMay 29, 2023

Greek school-exam system DDoS attack

A massive multi-day DDoS attack on Greece's 'Subject Bank' (Trapeza Thematon) high-school exam platform disrupted nationwide exams with up to 280,000 connections per second and 165 million hits from 114 countries, the largest attack on a Greek public body.

Victim: Greek Ministry of Education (Subject Bank / Trapeza Thematon)

DDoSResolvedMarch 23, 2026

Intoxalock: a cyberattack locks cars in the United States

Around 14 March 2026, US ignition-interlock provider Intoxalock was hit by a DDoS-style flood that knocked its servers offline for about a week, disrupting calibration and account services and leaving an estimated 150,000 court-ordered drivers across 46 states unable to start their cars.

Victim: Intoxalock