Cameroon's CNPS Hit by SpaceBears Ransomware Exposing Data
Ransomware Attack on CNPS Cameroon by SpaceBears
The National Social Insurance Fund of Cameroon (CNPS) has recently fallen victim to a significant ransomware attack orchestrated by the notorious hacking group SpaceBears. Despite CNPS's public denial of any breach, cybersecurity monitoring entities, including Ransomware.live, have confirmed the attack. The breach, which occurred on July 29, 2024, was discovered on September 12, 2024, putting millions of sensitive records at risk.
About CNPS Cameroon
Established in 1960, the Caisse Nationale de Prévoyance Sociale (CNPS) is a pivotal institution in Cameroon’s social security framework. It provides social security and welfare benefits to workers in the formal sector, ensuring protection against various social risks such as retirement, disability, illness, and death. CNPS is headquartered in Yaoundé and is recognized as the largest pension fund in the country, covering approximately 10% of the population. The organization has embraced digital transformation, launching online services to enhance client account management.
Attack Overview
SpaceBears compromised CNPS's data, including employee and employer contributions, social security beneficiary information, and insurance details. The exfiltrated data also reportedly includes financial documents, accounting reports, backups, customer databases, Huawei network structures, personal data of employees and citizens, archived insurance data, and future network modernization projects. SpaceBears has threatened to sell this data on the dark web if its ransom demands are not met.
About SpaceBears
SpaceBears is a ransomware group that emerged in early 2024, believed to be operating from Moscow, Russia. They are known for their unique approach to extortion, focusing on data brokering. SpaceBears primarily utilizes a Data Leak Site (DLS) to publish information about their victims, asserting that upon payment, they will remove the published data and provide decryption tools for any encrypted files. Their operations reflect the evolving landscape of cybercrime, where extortion tactics are becoming increasingly sophisticated.
Penetration and Vulnerabilities
The exact method of penetration remains unclear, but it is likely that SpaceBears exploited vulnerabilities in CNPS's digital infrastructure. The organization's recent digital transformation, while beneficial for client management, may have introduced security gaps that the attackers exploited. SpaceBears' use of external file-sharing services indicates a strategic approach to data exfiltration: relying on third-party platforms to avoid detection and complicate mitigation efforts.