Summary
Key Points:
- A ransomware attack attributed to the Green Blood Group has forced Senegal to close its national ID card office, disrupting critical services related to ID, passport, and biometric data management.
- The attack resulted in the theft of 139 GB of sensitive data, including citizen records and immigration documents. Authorities have stated that the integrity of the data remains intact despite the breach.
- Immediate actions include closing the affected office, assessing the impact, and restoring services securely. Collaboration with Malaysian cybersecurity experts is underway to investigate and remediate the situation.
Technical Details: The ransomware attack occurred on January 19, 2026, with hackers breaching two servers at the Directorate of File Automation (DAF) and stealing card personalization data. The attackers claimed responsibility by leaking data and communications as proof.
MITRE ATT&CK Techniques:
- T1486 - Data Encrypted for Impact (Impact)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
IOCs Mentioned: None mentioned