Cyber Incident Victim: Senegal

On or around May 25, 2023, a group of hackers identifying as Mysterious Team launched a series of distributed denial-of-service (DDoS) attacks against multiple official websites of the Senegalese government. The attacks occurred overnight into Friday, causing significant disruption to the government's online presence. The group publicly claimed responsibility for these cyber attacks through a series of posts on the social media platform Twitter, utilizing the hashtag #FreeSenegal. This hashtag was concurrently being used by campaigners and activists who were alleging instances of political repression within the country, creating a direct link between the cyber incident and the ongoing socio-political climate.

The timing of these cyber attacks coincided with a period of heightened political tension and civil unrest in Senegal. The nation had been experiencing more than two years of periodic, and at times violent, protests. These protests were driven by a host of issues, central among them being fears within the opposition that President Macky Sall might attempt to seek an unconstitutional third term in the upcoming February 2024 presidential election. Further fueling the tensions, the political opposition had accused President Sall's government of utilizing the judicial system to target potential challengers, most notably the popular politician Ousmane Sonko, who had finished third in the 2019 presidential race. The government authorities denied these accusations, maintaining that the legal cases against Sonko were not politically motivated. The cyber attack unfolded against the backdrop of a particularly violent incident; on Friday, May 26, one person, a 37-year-old man, was killed during clashes between state security forces and supporters of Ousmane Sonko in the city of Kolda. This event was part of a larger ongoing march by Sonko back to the capital, Dakar, which he had urged his followers to join as an act of defiance.

The technical nature of the attack was a distributed denial-of-service (DDoS), a method that functions by directing exceptionally high volumes of internet traffic toward targeted servers. This flood of traffic is designed to overwhelm the servers' capacity, rendering them unable to respond to legitimate requests and ultimately knocking the associated websites offline. The specific government websites targeted in this campaign included the official site of the presidency, the main government portal, and the website of the finance ministry. The attack successfully rendered several of these critical public-facing services inaccessible for a sustained period.

The Senegalese government's detection of and initial response to the incident was formally communicated in the early hours of Saturday, May 27, 2023. Government spokesperson Abdou Karim Fofana issued an official statement confirming that the cyber attacks had taken place and had caused the websites to go offline. In his statement, Fofana assured the public that all necessary efforts were being undertaken to restore the affected online services. The containment and recovery efforts proceeded throughout the day on Saturday. By the evening of May 27, the restoration process had achieved partial success. The presidency's official website was confirmed to be back online and operational. However, several other key official websites, including the main government site and the finance ministry's site, remained offline and inaccessible to the public, indicating the persistent impact of the attack or the complexity of the recovery process.

The threat actor behind the incident, Mysterious Team, identified itself through its Twitter account as being composed of "cyber warriors from Bangladesh." The motivation provided by the group for targeting Senegal was stated as working "for justice for Senegal innocent peoples," aligning their actions with the opposition's narrative of political repression. The connection between a hacker group based in Bangladesh and the internal political affairs of Senegal was not explicitly clear from the available information. According to analyses from the European Repository of Cyber Incidents, an independent research consortium that studies cyber incidents, Mysterious Team is a relatively little-known entity. However, the group has a prior history of carrying out cyber attacks, with previous targets including the Ethiopian health ministry and various Indian media organizations.

The immediate impact of the incident was the successful disruption of key government digital services, limiting public access to official information and portals for a period exceeding 24 hours for some sites. This constituted a tangible degradation of the government's ability to communicate and operate online. The broader consequences of the attack extended beyond mere technical disruption. By leveraging the #FreeSenegal hashtag, the attackers explicitly and publicly linked their cyber activities to the ongoing real-world political protests and violence, effectively amplifying the opposition's message and allegations on an international stage. The incident drew significant media attention, with major international news agencies like Reuters reporting on the cyber attack alongside the physical clashes occurring in the country, thereby framing the event within the wider context of political instability. The government's response was limited to public acknowledgement and efforts to restore service, with no immediate public details provided regarding deeper forensic analysis, attribution beyond the group's own claims, or any potential long-term security measures to be implemented as a result of the attack. The incident served as a clear example of how cyber attacks can be employed as a tool of political activism or protest, directly targeting government infrastructure during moments of acute national crisis.