Ransomware Attack on Kenya Urban Roads Authority by Hunters International: Data Breach

Incident Date: July 13, 2024

Overview

Victim: Kenya Urban Roads Authority (KURA)

Attacker: Hunters International

Location: Barabara Plaza-JKIA, Kenya

First Reported: July 13, 2024

Ransomware Attack on Kenya Urban Roads Authority by Hunters International

Overview of the Attack

The Kenya Urban Roads Authority (KURA) recently fell victim to a ransomware attack orchestrated by the Hunters International ransomware group. During the attack, the hackers managed to exfiltrate approximately 18.4 GB of data, which included around 14,225 files. The compromised data encompasses personally identifiable information (PII), financial documents, and customer data. KURA, a company with an estimated revenue of $5 million and a workforce of 100 employees, is now grappling with the implications of this significant security breach.

About Kenya Urban Roads Authority (KURA)

KURA is a statutory body established under the Kenya Roads Act of 2007. It is responsible for the management, development, rehabilitation, and maintenance of urban road networks in Kenya's cities and municipalities. The authority's road network spans approximately 3,969.27 km, with 465.92 km of paved roads and 3,503.35 km of unpaved roads. KURA's activities are crucial for supporting Kenya's urbanization and economic growth by enhancing mobility, reducing traffic congestion, and promoting sustainable urban environments.

Vulnerabilities and Targeting

KURA's extensive involvement in urban infrastructure projects and its handling of sensitive data make it a prime target for ransomware groups. The authority's reliance on digital systems for planning, design, and maintenance activities presents potential vulnerabilities that threat actors can exploit. The recent attack underscores the need for robust cybersecurity measures to protect critical infrastructure and sensitive information.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the notorious Hive ransomware group. The group's ransomware code contains significant overlap with Hive, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Impact

While the exact method of penetration in KURA's case remains unclear, Hunters International is known for using sophisticated techniques to infiltrate systems. These may include phishing attacks, exploiting unpatched vulnerabilities, or leveraging compromised credentials. The attack on KURA has resulted in significant data breaches, financial losses, and reputational damage, highlighting the persistent threat posed by ransomware groups.
