Our researchers at iZOOlogic discovered that the Medusa ransomware group has claimed an attack against the Kenya Airports Authority. According to our research team, the group confirmed that it successfully breached the aeronautics entity's systems and stole troves of data in a massive data security breach.
However, the group has yet to disclose the amount of information it acquired during its cybercriminal operation.
Kenya Airports Authority (KAA) owns and manages numerous airports.
Nine airports in Kenya are all governed by the Kenya Airports Authority. The ruling Kenya African Union government established this organisation via an act of Parliament in 1992.
The Kenyan government has strengthened the powers of the Kenya Airports Authority by executing the KAA Act, which grants the agency its license and functions over their aeronautics firms.
Hence, the attack against this massive entity could cause widespread disruptions within Kenyan territory, since it handles most airports and airstrips. In addition, the Medusa ransomware group has yet to reveal how much data it obtained; the group could therefore use that uncertainty as leverage when making demands against the affected country.
Our researchers confirmed that the ransomware group obtained critical data and archives from its victim. The verified information harvested by the threat actors during the attack consists of airport floor plans, contingency plans, civil aviation regulation documents, Simfox documents, an admin manual, and the airport's master plan.
The Medusa operators also acquired employee-related details during their campaigns, such as attendance lists, security passes, software lists, airport committees, and an Information Technology (IT) folder.
Our researchers explained that the ransomware attack occurred on March 1. This detail explains why the attackers have yet to disclose the amount of data they stole during their operations against the Kenya Airports Authority.
Therefore, it could be that Medusa obtained additional details from its victim during its March 1 ransomware campaign.
iZOOlogic suggests that KAA personnel should be wary of unsolicited communications. The threat actors could have used the stolen data to execute targeted phishing campaigns while they have yet to demand a ransom.