Ransomware Attack on Kenya Urban Roads Authority by Hunters International: Data Breach
Overview of the Attack
The Kenya Urban Roads Authority (KURA) recently fell victim to a ransomware attack by the Hunters International ransomware group. During the attack, the attackers exfiltrated approximately 18.4 GB of data comprising around 14,225 files. The compromised data includes personally identifiable information (PII), financial documents, and customer data. KURA, which has an estimated revenue of $5 million and a workforce of 100 employees, is now grappling with the implications of this significant security breach.
About Kenya Urban Roads Authority (KURA)
KURA is a statutory body established under the Kenya Roads Act of 2007. It is responsible for the management, development, rehabilitation, and maintenance of urban road networks in Kenya's cities and municipalities. The authority's road network spans approximately 3,969.27 km, with 465.92 km of paved roads and 3,503.35 km of unpaved roads. KURA's activities are crucial for supporting Kenya's urbanization and economic growth by enhancing mobility, reducing traffic congestion, and promoting sustainable urban environments.
Vulnerabilities and Targeting
KURA's extensive involvement in urban infrastructure projects and its handling of sensitive data make it a prime target for ransomware groups. The authority's reliance on digital systems for planning, design, and maintenance activities presents potential vulnerabilities that threat actors can exploit. The recent attack underscores the need for robust cybersecurity measures to protect critical infrastructure and sensitive information.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Penetration and Impact
While the exact method of penetration in KURA's case remains unclear, Hunters International is known for using sophisticated techniques to infiltrate systems. These may include phishing attacks, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack on KURA has resulted in significant data breaches, financial losses, and reputational damage, highlighting the persistent threat posed by ransomware groups.