By Mark Kawalya
A confirmation from the Kenya Airports Authority (KAA) indicates that the government body suffered a cyberattack from Medusa, a notorious group of hackers, according to information from NTV, a local TV station.
Although the authority states that the attack led to a leak of procurement plans, site surveys, invoices, procurement plans, and receipts, no sensitive data was compromised.
An anonymous KAA official while speaking to NTV revealed that the cyberattack was executed in February 2023, with the hackers reportedly using the passport and identity card of one of the KAA’s engineers to access the authority’s network.
“All the data that was accessed is public information,” he said, adding that a ransom was demanded by the hackers, but the authority did not engage. “We didn’t know if they had made copies of what they claimed to have.”
According to KAA, the attack did not have any operational or financial impact, even after the attackers released 514 GB of leaked data on the internet. The attack affected the KAA website for a number of days as the attackers released the data.
Medusa demanded a ransom, but KAA did not engage the hackers.
Who is Medusa?
Active since 2021, Medusa is a notorious group of hackers that uses both the Advanced Encryption Standard (AES) and Rivest–Shamir–Adleman (RSA) encryption algorithms to lock up data, making it difficult to recover without paying the hackers a ransom.
Other high-profile attacks have been linked to Medusa, included those at the Minneapolis Public Schools (MPS).
According to Vellum, a news publication, “This combination of symmetric and asymmetric encryption makes it highly challenging to recover the data, leaving victims with no option but to pay the ransom or face the consequences of having their data published online and facing reputational damage.”
The group had gone silent before resurfacing in 2023.
Cybersecurity in Kenya
This incident is a solemn reminder about the increasing threat of cybercrime in Kenya, with information from the Communication Authority indicating that cyberthreats more than doubled between 2021 and 2022.
The increase in cyber threats is attributed to the increase in internet users, which has created a large pool of targets for hackers. Strengthening business and organizational cybersecurity and increasing awareness are key to deterring some of these attacks.
