Amazement at the headquarters of the African Union (AU) in Addis Ababa. On March 3, ten days after the closure of the annual summit of the organization which brings together the heads of state of the continent, suddenly it is the black screen. The computer system collapsed. “A massive cyberattack has compromised the capabilities of our data center and cut off access to our services and applications,” Commission Vice-President Monique Nsanzabaganwa warned on March 7 in an internal memo, that Le Monde s is provided.
The attack immediately paralyzes the institution’s intranet. Financial services are inaccessible, as are mailboxes and staff performance management software. More than 200 computers are infected, causing panic within the Pan-African organization.
“We are in limbo”
Several African diplomats first thought of an attack from a foreign power. The name of Israel initially circulated in the wide marble hallways of the headquarters in Addis Ababa, Ethiopia. Some wanted to believe in revenge from the Jewish state after the expulsion of its diplomat Sharon Bar-li, during the last general assembly of the AU, against a backdrop of controversy over the observer status granted to Israel.
The hackers ended up identifying themselves when demanding a ransom. According to several sources within the institution, the Russian hacker group BlackCat requested by email that they be paid $3 million to stop their attack.
In the absence of a response from the AU to its multiple requests, Le Monde could not determine the exact amount of the ransom, or whether it was paid, but a West African diplomat based in Addis Ababa summarizes the reasons organizational embarrassment. “The institution has no insurance against such risks of intrusion,” he said. “Until then, all organs are trying to cover up the matter,” another diplomatic source said. “We are in the dark, the Commission has not given us any details of the attack since March 7,” concludes the member of a North African embassy, ??frustrated.
Fortunately for the organization, the data stored in its data center – located in Nairobi – was backed up the day before the attack and is said to be partly intact. Since then, it has taken the intervention of teams from Interpol, Afripol and the African Development Bank – which paid $6 million for the operation – to clean up computers, restore some services and begin upgrading. update of a particularly friable security system.
” Colander “
According to a North African diplomat, “less than 40%” of AU IT services are restored two months after the attack. There is no Wi-Fi or mailboxes. “Staff have to work ‘remote’, with their own equipment, their own computers and their own internet modems,” he says. In other words, it’s a mess.
This is not the first attack by the Russian hacker group BlackCat. It targets large organizations and gained notoriety by stealing 700 gigabits of data from the Italian energy agency GSE. In another attack, the Russian group had in 2022 demanded a ransom of 5 million dollars from the Austrian region of Carinthia against the delivery of data recovery software that it had stolen from the administration.
For the AU and hundreds of concerned diplomats, the question of the vulnerability of computer systems is once again being raised. One case in particular haunts people’s minds. In 2017, the organization’s IT unit discovered that the organization’s sensitive data was mysteriously siphoned off overnight. An investigation by Le Monde then revealed that they were routed to servers located in Shanghai, China being the generous builder and donor of the AU headquarters in Addis Ababa.
Only Beijing delivered the building turnkey in 2012, after stuffing the walls and conference rooms with spy microphones. The UA has since acquired its own servers, but never been able to stand in the way of hackers. Ironically, several members of the organization have nicknamed it “the sieve”.
