Cyber Incident Victim: Health Employers Association of BC
Date: Jun 2023
Location: Kenya
Summary
A cyberattack attributed to the group Anonymous Sudan disrupted services for a Canadian healthcare employers' organization, impacting payroll and benefits systems. The attackers employed distributed denial-of-service (DDoS) techniques, forcing the victim to take critical systems offline to contain the breach. This caused significant delays in processing employee payments and accessing healthcare benefits. The organization engaged cybersecurity experts to investigate the incident and restore operations while implementing additional protective measures. Affected individuals were notified alongside relevant authorities, though the attackers did not claim unauthorized data access during the disruption. Service restoration efforts prioritized core functions to mitigate ongoing operational impacts.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
On June 28, 2023, Kenya's eCitizen government services portal experienced a sustained cyberattack attributed to the hacker group Anonymous Sudan. The attackers employed distributed denial-of-service (DDoS) techniques that initially degraded system performance before causing complete service outages lasting at least three days. Citizens reported widespread inability to access thousands of government services through the portal, encountering error messages during login attempts. ICT Cabinet Secretary Eliud Owalo publicly confirmed the attack on July 1 during a Spice FM interview, characterizing it as part of global cybersecurity challenges while emphasizing no data compromise occurred. The government implemented multiple mitigation strategies during the incident, including switching between Cloudflare and Radware protection services, though Anonymous Sudan claimed these countermeasures proved ineffective against their attacks.

Technical disruption manifested through system slowdowns preceding full outages, with Anonymous Sudan boasting on Telegram about maintaining the disruption despite protection changes. The group threatened escalation, stating they were "preparing something very big" while mocking Kenyan defenses. Government response included activating the Office of the Data Commission to address the breach and implementing 24/7 remediation efforts. Owalo assured citizens of data security, stating "no data has been accessed, and no data has been lost" while acknowledging ongoing capacity building for cyber defenses. Service restoration was projected within the same business day as Owalo's July 1 statement, though the portal had already been nonfunctional for four days according to user reports. The incident highlighted vulnerabilities in critical national infrastructure while demonstrating attacker capabilities to sustain multi-day disruptions against evolving defensive measures.
