Egyptian Tax Authority Hit by Money Message Ransomware Attack
Ransomware Attack on the Egyptian Tax Authority: A Closer Look
On November 18, the Egyptian Tax Authority (ETA), a pivotal institution in Egypt's fiscal framework, was reportedly targeted by the Money Message ransomware group. This attack has raised significant concerns about the cybersecurity posture of governmental bodies in Egypt, especially those handling sensitive financial data.
Overview of the Egyptian Tax Authority
Established in 2006, the Egyptian Tax Authority is responsible for tax collection and administration in Egypt. It operates under the Ministry of Finance and plays a crucial role in implementing Egypt's fiscal policies. The ETA has been at the forefront of modernizing tax administration through digitalization, including initiatives like electronic invoicing and a unified payroll tax calculation system. These efforts are part of a broader strategy to enhance efficiency and transparency in tax processes.
While the ETA's modernization efforts are commendable, they also make it a prime target for cybercriminals. The transition to digital platforms, although aimed at improving service delivery, can expose vulnerabilities if not adequately secured. The authority's extensive data repositories, including sensitive taxpayer information, make it an attractive target for ransomware groups like Money Message.
Details of the Ransomware Attack
The Money Message ransomware group claims to have exfiltrated 500 GB of sensitive data from the ETA's systems. Despite these claims, the ETA has publicly denied any breach, asserting that its advanced security measures have effectively safeguarded its data. The discrepancy between the group's claims and the ETA's denial highlights the challenges in verifying the extent of such cyberattacks.
About the Money Message Ransomware Group
Money Message is a relatively new but sophisticated ransomware group that emerged in March 2023. Known for its double extortion tactics, the group encrypts and exfiltrates data, threatening to publish it if ransoms are not paid. The group employs advanced encryption techniques, including Elliptic Curve Diffie-Hellman (ECDH) key exchange and the ChaCha20 stream cipher, complicating detection and recovery efforts.
The group often gains access to systems by exploiting vulnerabilities in digital infrastructure or by leveraging stolen credentials. In the case of the ETA, the rapid digitalization and integration of new technologies could have inadvertently created security gaps that the attackers exploited.