A reported cyberattack on Senegal’s treasury highlights the vulnerability of African institutions to cybercrime. As parts of the continent go digital at breakneck speed, countries are struggling to build up their defences against hackers and fraudsters at the same pace.
This week, Senegal fell victim to the third cyberattack on a public institution in less than six months.
The government confirmed "an incident" began affecting IT systems at the Public Treasury on 10 May, with users continuing to report disruption days later. According to media reports, hackers claimed responsibility and threatened to release 70 gigaoctets of sensitive data.
In October 2025, the Senegalese tax authority's website was targeted by Black Shrantac, a cyber extortion group. The hackers alleged they had extracted nearly one terabyte of data and demanded a ransom of $10 million.
In January 2026, a department at the Interior Ministry responsible for issuing identity cards was reportedly targeted by hackers calling themselves the Green Blood Group.
Claiming responsibility for the attack, they said they had stolen 139 terabytes from a database said to contain information on the entire Senegalese population – including identity records, biometric data, electoral information and immigration files. It published some of the data on the dark web.
Cybersecurity experts say Senegal is the latest African country to find itself in hackers' sights.
"Through its international visibility in football, the discovery of oil and gas resources, and the recent political transition, Senegal has become an attractive target for emerging cybercriminal groups seeking recognition and visibility," Dakar-based cyber defence specialist Gérard Joseph Francisco Dacosta told RFI.
Continent-wide pattern
Recent years have seen cybercrime on the rise across the continent.
A 2024 cyberattack on the Bank of Uganda cost it nearly $17 million in stolen deposits. In January 2025, a cyberattack on South Africa's national weather service knocked key systems offline, disrupting aviation and marine forecasts across the region.
According to research by cybersecurity software company Check Point, African organisations now face an average of 2,940 attacks per week – around 700 more than the average worldwide.
In its Global Threat Intelligence report for April, the company identified financial services, government, and consumer goods and services as the sectors in Africa subject to the most attacks.
Lorna Hardie, Check Point's regional director for Africa, said "rapid digitalisation combined with uneven security maturity" had made the continent a target for hackers.
Chinese tech, ignored by the West, is taking over Africa's cyberspace
Thousands of victims
On a continent where mobile money is widespread, individuals as well as institutions are victims of cybercrime.
The emergence of artificial intelligence has escalated the threat, experts warn, with Check Point identifying AI-generated deception as "the fastest-growing threat". Deepfake voice and video impersonations can trick users into approving payments, while AI tools allow fraudsters to launch attacks faster and more cheaply.
Across West Africa and East Africa, cybercrime accounts for more than 30 percent of all crime reported, according to Interpol’s Africa Cyberthreat Assessment Report 2025.
Online scams were the most frequently reported attacks, the international police organisation said, while ransomware, business email compromise and digital sextortion were also widespread.
In 2025, Interpol coordinated a joint operation involving 18 African countries that resulted in the arrest of 1,209 cybercriminals who had targeted nearly 88,000 victims.
The three-month crackdown, dubbed Operation Serengeti 2.0, also recovered $97.4 million and dismantled 11,432 malicious infrastructures.
Lack of laws governing cybercrime making Africa a safe haven for cybercriminals
Cyber defence
Security expert Dacosta argues that the real question today is whether countries are resilient enough to detect attacks quickly, limit the damage and recover rapidly afterwards.
"This is where the issue of cyber resilience becomes critical, and on this matter, the situation still varies greatly across Africa," he said.
According to Dacosta, some African governments – such as Morocco and Rwanda – are already using protective measures including advanced antivirus solutions, endpoint threat detection and response, security information and event management, and next-generation firewalls.
He called for countries to invest in a comprehensive response to cybercrime. "Africa should not only consume foreign cybersecurity technologies," he insisted.
"The priority for African governments should be the construction of a true cyber-resilience architecture based on clear governance, modern legal frameworks, large-scale cybersecurity training, regional cooperation, critical infrastructure protection and the progressive development of sovereign cyber defence capabilities.
"They must also invest in cybersecurity operations centres that detect attacks in real time and national cyber emergency response teams."
