A new ransomware group calling itself The Green Blood Group breached two servers at Senegal’s Directorate of File Automation, exposing biometric data, immigration records and other personal information for the country’s nearly 20 million residents. The attack began in mid-January, with the group later leaking a ransom note and claiming to have exfiltrated 139TB of data, though the leak site later indicated 139GB as cited by researchers.
After the Dark Web leak went live, the DAF publicly acknowledged the breach on 5 February, revealing a temporary suspension of new national ID card production while officials assured the public that data integrity remained intact. The incident follows the hackers’ breach of two servers including a domain controller and a Perso server, which IRIS Corporation Berhad and Senegalese authorities say were compromised, allowing potential lateral movement and access to sensitive records.
The event has prompted commentary from Aboubacar Yacouba Mai Birni and analysis that Africa’s digital ambition may have outpaced cybersecurity maturity, with The Gambia Journal noting the disruption to DAF operations for at least five days.