Notorious Hackers Breach KAA, Disrupt Operations, Leak 514 GB Data

The attackers had leaked up to 514 GB of data, including...

A terminal at Jomo Kenyatta International Airport. /KAA

The Kenya Airports Authority (KAA), the autonomous body responsible for providing and managing all airports in Kenya, reportedly had its network breached by notorious hackers.

On Tuesday, April 11, a suspected member of the notorious cyberterrorist group dubbed Medusa claimed to have breached some of KAA’s systems and stolen files that were then leaked online.

The attackers had leaked up to 514 GB of data, including procurement plans, physical plans, site surveys, invoices and receipts in the attack that affected normal operations of the KAA website.

Immigration desks at JKIA. /KAA

Attempts by Viral Tea to contact the authority on the matter had not borne fruit by the time of publishing. However, NTV reported that a source at KAA revealed that the hack took place in February 2023.

The source noted that the cyberattack had no ‘significant’ operational or financial impact, and that security enhancements had been implemented to ensure that data stored on the affected systems was secure.

“All the data that was accessed is public information. We didn’t know if they had made copies of what they claimed to have,” he stated, adding that the hackers had demanded a ransom but KAA did not engage.

While the source did not reveal how the hack took place, he said that an identity card and passport belonging to a KAA engineer were used to access the authority's network.

According to BleepingComputer, Medusa is a ransomware operation that gained momentum in 2023, targeting corporate victims worldwide with million-dollar ransom demands.

The Medusa operation started in June 2021 but had relatively low activity, with few victims. However, in 2023 the ransomware gang increased in activity and launched a 'Medusa Blog' used to leak data for victims who refused to pay a ransom.

Medusa was also found to be behind the recent attacks on Minneapolis Public Schools (MPS), a complex of public schools located in the Minneapolis School District. The gang also claimed responsibility for an attack on the Open University of Cyprus (OUC) on Thursday, April 6, which caused severe disruptions to the organization's operations.

The group posted OUC on its data leak site, giving the institute 14 days to respond to its ransom demands. The hackers asked for Ksh13.4 million (US$100,000).

Vellum, a news publication, reports that the group is known to utilise both AES (Advanced Encryption Standard) and RSA (Rivest–Shamir–Adleman) encryption algorithms to lock up data.

“This combination of symmetric and asymmetric encryption makes it highly challenging to recover the data, leaving victims with no option but to pay the ransom or face the consequences of having their data published online and face reputational damage.”

According to data from the Communications Authority of Kenya (CA), the number of cyber threats more than doubled in the financial year 2021-2022, with CA recording an all-time high of 359.2 million threats, a 133 per cent increase from 154.4 million recorded in FY2020-21 and 110.9 in 2019.

The growing threat was attributed to an increase in users accessing the internet, affording more targets for criminals to choose from.

A hacker working on his computers. /AVAST