Ransomware Attack on Telecom Namibia by Hunters International

Telecom Namibia, the state-owned telecommunications provider, has fallen victim to a ransomware attack orchestrated by the notorious group Hunters International. This breach has resulted in the exfiltration of 626.3 GB of data, affecting 492,633 files, and exposing sensitive customer information, including data related to high-ranking government officials.

About Telecom Namibia

Established in August 1992, Telecom Namibia is the national telecommunications operator, wholly owned by the Government of Namibia. The company serves over 619,000 customers, providing a comprehensive range of communication solutions, including fixed-line, mobile, broadband, and ICT services. As a subsidiary of Namibia Post and Telecom Holdings Limited, Telecom Namibia stands out for its extensive digital telecommunications network, which is the largest in the country. Despite its robust infrastructure, the company’s significant customer base and government ownership make it an attractive target for cybercriminals.

Attack Overview

The ransomware group Hunters International claims responsibility for the attack, which has led to the unauthorized release of sensitive data. Initially, Telecom Namibia's Chief Executive, Stanley Shanapinda, believed no sensitive information was compromised. However, further analysis revealed the exposure of personal identification details, addresses, and banking information. The leaked data has been circulated on social media, prompting Telecom Namibia to collaborate with security officials to mitigate further exposure and pursue legal action against the perpetrators.

Hunters International: A Notorious Ransomware Group

Emerging in October 2023, Hunters International operates as a Ransomware-as-a-Service (RaaS) group, leveraging code from the defunct Hive ransomware. The group is known for its double extortion tactics, combining data encryption with data theft to maximize leverage over victims. Their malware, developed in Rust, allows for cross-platform targeting, making it highly adaptable and effective against enterprise environments. Hunters International affiliates typically use phishing campaigns, RDP exploitation, and social engineering techniques to gain initial access, which may have been the method used to penetrate Telecom Namibia’s systems.

Response and Implications

In response to the attack, Telecom Namibia has advised customers to update passwords and avoid suspicious financial transactions. President Nangolo Mbumba condemned the attack, emphasizing cybersecurity as a national security issue. The company continues to work with law enforcement and cybersecurity experts to address the breach and has warned against the misuse of leaked information, which constitutes a criminal offense.

Sources

• Ransomware.live Post
• Telecom Namibia - Who We Are
• Telecom Namibia - Wikipedia