NetOne Cellular Hit by Major Ransomware Attack from Hunters International
Ransomware Attack on NetOne Cellular by Hunters International
NetOne Cellular Private Limited, a leading telecommunications company in Zimbabwe, has fallen victim to a ransomware attack orchestrated by the notorious Hunters International group. The attackers claim to have exfiltrated a significant amount of sensitive data, including corporate files, executive email archives, and general email records.
About NetOne Cellular
Established in 1996, NetOne Cellular is a wholly government-owned entity under the Posts and Telecommunications Corporation (PTC). The company has grown from its initial 500 lines to serve approximately 4 million subscribers, holding a market share of about 36.6% in Zimbabwe's mobile telecommunications sector. NetOne offers a wide range of services, including mobile voice, data packages, mobile Wi-Fi, bulk SMS services, and mobile financial services. The company is also committed to enhancing digital literacy and bridging the digital divide within communities.
Operational Challenges and Vulnerabilities
Despite its extensive service offerings, NetOne has faced significant operational challenges, including concerns about financial viability and transparency. Issues such as incomplete bank reconciliations and unaccounted deposits have been highlighted by the Auditor General, raising questions about the company's ability to continue operations effectively. These vulnerabilities may have made NetOne an attractive target for cybercriminals.
Attack Overview
Hunters International claims to have infiltrated NetOne's systems, obtaining 48.5 GB of corporate data, 98.4 GB of executive email archives, and 46.4 GB of general email records. The group has posted sample screenshots on their dark web portal to substantiate their claims. The attack has raised significant concerns about the security of NetOne's data and the potential impact on its operations and reputation.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive, suggesting a shared technical lineage. Hunters International focuses on data exfiltration and extortion, targeting victims across various regions without a specific focus on particular industries. The group has been linked to Nigeria through domain registrations and email addresses, although they use fake identities to conceal their true origins.
Penetration Methods
While the exact methods Hunters International used to penetrate NetOne's systems have not been disclosed, the group's tactics typically involve exploiting vulnerabilities in network security, phishing, and leveraging stolen credentials. The significant overlap with Hive ransomware suggests that Hunters International may have inherited or adapted Hive's encryption methods and operational strategies.