NetOne Cellular Hit by Major Ransomware Attack from Hunters International

Incident Date: August 12, 2024

Overview

Victim: NetOne Cellular
Attacker: Hunters International
Location: Harare, Zimbabwe
First Reported: August 12, 2024

Ransomware Attack on NetOne Cellular by Hunters International

NetOne Cellular Private Limited, a leading telecommunications company in Zimbabwe, has fallen victim to a ransomware attack orchestrated by the notorious Hunters International group. The attackers claim to have exfiltrated a significant amount of sensitive data, including corporate files, executive email archives, and general email records.

About NetOne Cellular

Established in 1996, NetOne Cellular is a wholly government-owned entity under the Posts and Telecommunications Corporation (PTC). The company has grown from its initial 500 lines to serve approximately 4 million subscribers, holding a market share of about 36.6% in Zimbabwe's mobile telecommunications sector. NetOne offers a wide range of services, including mobile voice, data packages, mobile Wi-Fi, bulk SMS services, and mobile financial services. The company is also committed to enhancing digital literacy and bridging the digital divide within communities.

Operational Challenges and Vulnerabilities

Despite its extensive service offerings, NetOne has faced significant operational challenges, including concerns about financial viability and transparency. Issues such as incomplete bank reconciliations and unaccounted deposits have been highlighted by the Auditor General, raising questions about the company's ability to continue operations effectively. These vulnerabilities may have made NetOne an attractive target for cybercriminals.

Attack Overview

Hunters International claims to have infiltrated NetOne's systems, obtaining 48.5 GB of corporate data, 98.4 GB of executive email archives, and 46.4 GB of general email records. The group has posted sample screenshots on their dark web portal to substantiate their claims. The attack has raised significant concerns about the security of NetOne's data and the potential impact on its operations and reputation.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive, suggesting a shared technical lineage. Hunters International focuses on data exfiltration and extortion, targeting victims across various regions without a specific focus on particular industries. The group has been linked to Nigeria through domain registrations and email addresses, although they use fake identities to conceal their true origins.

Penetration Methods

While the exact methods used by Hunters International to penetrate NetOne's systems are not disclosed, the group's tactics typically involve exploiting vulnerabilities in network security, phishing attacks, and leveraging stolen credentials. The significant overlap with Hive ransomware suggests that Hunters International may have inherited or adapted Hive's encryption methods and operational strategies.
