Kenya Airports Authority’s System Breached by Cyberattackers

The Kenya Airports Authority (KAA) has confirmed that its network was infiltrated in a cyberattack.

A KAA official who sought anonymity told NTV that the cyberattack by a notorious group called Medusa occurred in February, adding that it did not have a ‘significant’ operational and financial impact.

The official further divulged that the hackers demanded a ransom but KAA did not engage and that security enhancements were implemented to ensure that data stored on affected systems are secure.

“All the data that was accessed is public information. We didn’t know if they had made copies of what they claimed to have,” the official said as quoted by NTV.

On Tuesday, a suspected member of the cyberterrorist group claimed they infiltrated KAA’s system and stole files that were leaked online. The attackers released 514 GB of data, including procurement plans, physical plans, site surveys, invoices, and receipts.

Medusa was first discovered in 2021 but the group went silent after a series of attacks, only to resurface in 2023.

The hacking group is said to be behind the recent attacks on Minneapolis Public Schools (MPS), a complex of public schools located in the Minneapolis School District, according to BleepingComputer.

Vellum reports that the group is known to utilize both Advanced Encryption Standard (EAS) and Rivest–Shamir–Adleman (RSA) encryption algorithms to lock up data.

“This combination of symmetric and asymmetric encryption makes it highly challenging to recover the data, leaving victims with no option but to pay the ransom or face the consequences of having their data published online and face reputational damage,” says the publication.

Data by the Communication Authority of Kenya indicate that the number of cyber threats more than doubled in the financial year 2021-2022. CA reported an all-time high of 359.2 million threats, a 133 percent increase from 154.4 million recorded in FY2020-21 and 110.9 in 2019.