KAA confirms data breach, says no sensitive data leaked
Kenya Airports Authority has confirmed that its network was breached in a cyberattack by a notorious group dubbed Medusa.
A KAA official who sought anonymity told NTV that the hack happened back in February 2023.
He said the cyberattack had no ‘significant’ operational and financial impact, with security enhancements implemented to ensure that data stored on affected systems are secure.
“All the data that was accessed is public information,” he said, adding that a ransom was asked by the hackers but the Authority did not engage.
“We didn’t know if they had made copies of what they claimed to have.”
On Tuesday, a suspected member of the notorious cyberterrorist group, Medusa, claimed to have infiltrated some of KAA’s systems and stolen files that were leaked online.
The attack affected the KAA website for a number of days as the attackers released 514 GB of data, including procurement plans, physical plans, site surveys, invoices and receipts.
While the source privy to the matter did not disclose how the breach took place, he said the identity card and passport of one of KAA’s engineers were used to access the Authority’s network.
The hacking group, Medusa, was first discovered in 2021. The group went silent after a series of attacks, only to resurface in 2023.
According to BleepingComputer, Medusa is behind the recent attacks on Minneapolis Public Schools (MPS), a complex of public schools located in the Minneapolis School District.
Vellum, a news publication, reports that the group is known to utilise both AES (Advanced Encryption Standard) and RSA (Rivest–Shamir–Adleman) encryption algorithms to lock up data.
“This combination of symmetric and asymmetric encryption makes it highly challenging to recover the data, leaving victims with no option but to pay the ransom or face the consequences of having their data published online and face reputational damage.”
According to Communication Authority data, the number of cyber threats more than doubled in the financial year 2021-2022.
The Authority reported an all-time high of 359.2 million threats, a 133 percent increase from 154.4 million recorded in FY2020-21 and 110.9 in 2019.
The growing threat was attributed to an increase in users accessing the internet, creating a larger pool of targets for online criminals.