Ransomware Attack on Kenya Urban Roads Authority by Hunters International: Data Breach

Incident Date: Jul 13, 2024

Attack Overview

Victim: Kenya Urban Roads Authority (KURA)
Industry: Government
Location: Kenya
Attacker: Hunters International
First Reported: July 13, 2024

Overview of the Attack

The Kenya Urban Roads Authority (KURA) recently fell victim to a ransomware attack orchestrated by the Hunters International ransomware group. During the attack, the hackers exfiltrated approximately 18.4 GB of data, comprising around 14,225 files. The compromised data includes personally identifiable information (PII), financial documents, and customer data. KURA, an organization with an estimated revenue of $5 million and a workforce of 100 employees, is now grappling with the implications of this significant security breach.

About Kenya Urban Roads Authority (KURA)

KURA is a statutory body established under the Kenya Roads Act of 2007. It is responsible for the management, development, rehabilitation, and maintenance of urban road networks in Kenya's cities and municipalities. The authority's road network spans approximately 3,969.27 km, with 465.92 km of paved roads and 3,503.35 km of unpaved roads. KURA's activities are crucial for supporting Kenya's urbanization and economic growth by enhancing mobility, reducing traffic congestion, and promoting sustainable urban environments.

Vulnerabilities and Targeting

KURA's extensive involvement in urban infrastructure projects and its handling of sensitive data make it a prime target for ransomware groups. The authority's reliance on digital systems for planning, design, and maintenance activities presents potential vulnerabilities that threat actors can exploit. The recent attack underscores the need for robust cybersecurity measures to protect critical infrastructure and sensitive information.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Impact

While the exact method of penetration in KURA's case remains unclear, Hunters International is known for using sophisticated techniques to infiltrate systems. These may include phishing attacks, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack on KURA has resulted in significant data breaches, financial losses, and reputational damage, highlighting the persistent threat posed by ransomware groups.
