Senegal is currently facing a major cybersecurity crisis. Several strategic state institutions have been victims of sophisticated cyberattacks, exposing critical vulnerabilities in our national digital infrastructures. Between ransomware, theft of sensitive data, and astronomical ransom demands, the country faces a threat that goes far beyond the technical realm to touch on national sovereignty.
The Directorate for Automation of Files (DAF) announced this week the temporary suspension of national identity card production following a cyberattack detected in early February 2026. The cybercriminal group "The Green Blood Group" claims responsibility for this attack and says it holds no less than 139 terabytes of data including:
What is particularly concerning is that this group, which only appeared in early 2026, reportedly targeted only two countries: Senegal and Egypt. This attack also raises questions about the management of technical service providers, notably Iris Corporation, whose reaction upon discovering the intrusion fueled questions about a possible underlying commercial conflict.
A few months earlier, in October 2025, the General Directorate of Taxes and Domains (DGID) suffered an equally devastating attack. The group "BlackShantrac" paralyzed the tax administration's computer systems, rendering tax management and collection software inaccessible.
The hackers are demanding a ransom of 10 million euros (about 6.5 billion FCFA) and claim to have stolen 1 terabyte of sensitive data including:
The DGID attempted to downplay the incident by citing a simple "technical problem," but the facts speak for themselves: the systems remained paralyzed for several days, severely disrupting tax services.
These cyberattacks are not isolated incidents. They highlight several critical issues:
1. Obsolete or poorly secured infrastructure: The affected institutions likely use aging or misconfigured systems, facilitating intrusion by cybercriminals.
2. Lack of cybersecurity culture: Insufficient training of public agents in IT security best practices creates easy entry points for attackers.
3. Absence of an effective response plan: The delayed reactions and poor communication from authorities demonstrate the absence of clear protocols in the event of a cyberattack.
4. Dependence on external providers: The management of critical systems by third-party companies raises questions of digital sovereignty and control of strategic infrastructures.
As a digital professional, I believe it is urgent to act on several fronts:
For public institutions:
For private companies:
For the Senegalese tech ecosystem:
These attacks constitute an alarm signal that we can no longer ignore. The digital transformation we are calling for, meant to accelerate the country's development, cannot happen without a solid cybersecurity foundation.
Senegal must invest massively in the protection of its critical digital infrastructures. At stake is the protection of millions of citizens' data, economic stability, and, ultimately, our digital sovereignty.