African Telecoms and ISPs are under attack

also ft: SIM cards and court cases

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

HIGHLIGHTS

African Telecoms and ISPs are under attack

Telecom company, Paratus Namibia, has allayed the fears of its customers this week in the aftermath of a cyberattack. Paratus reported a cybersecurity breach on its internal IT systems that compromised 84 gigabytes of data last week, disrupting operations of the voice, internet and data service-providing company. According to the managing director Andrew Hall, the company is still investigating the extent of the damage but despite the attack, data stored in the company’s cloud-hosted backup solution remains protected by encryption, mostly rendering it inaccessible to external parties.

The identified perpetrator, Akira Ransomware Gang, a notorious gang known for its extortion and has targeted over 250 organizations globally since debuting in 2023. The gang infiltrated Paratus systems through a legitimate account, exploiting vulnerabilities in systems lacking multifactor authentication (MFA). Investigations by the Namibia Cyber Security Incident Response Team (NAM-CSIRT) classified the attack as a level 3 event with serious implications to Namibia’s telecommunication and national reputation.

The Paratus attack is coming barely two months after the attack on Telecom Namibia by another ransomware gang, Hunters International, which compromised the personal data of more than 600,000 people.

The constant attacks on key telecommunication organizations like this are not only peculiar to Namibia.

In February 2024, Anonymous Sudan, the notorious hacktivist group known for DDOS attacks grounded the operations of major telecom companies in Uganda. Airtel, MTN, and Uganda Telecom were hit by a wave of DDoS attacks during the group's hacktivism campaign. The same thing happened in August 2023 when the group attacked MTN Nigeria. An exclusive report by TechCabal also stated that Globacom, another telecom provider in Nigeria suffered a ransomware attack in July 2023, grounding internal operations for months despite the company's refusal to publicly acknowledge the incident.

The telecom and ISP sector is usually a prime target for both financially and ideologically motivated cyberattacks. The sector hosts important personal data, manages critical communications (that attackers are incentivized to intercept), and processes a sizable amount of money.

Looking at the trends of attacks on telecom companies in Africa, the motif of disruption and financial gain are more prominent than others, such as cyber espionage. Popular Russia-affiliated hacktivist group Anonymous Sudan uses DDoS attacks to protest in support of the military takeover in Sudan and the Akira and Hunters International ransomware groups are doing it for the money.

Common vulnerabilities like weak passwording of devices and lax security consciousness of employees are the popular attack gates exploited by these bad actors as is the case in the recent Paratus breach. Other attack gates include poor encryption standards, disgruntled employees who could pose serious insider threats, and misconfiguration in the cloud, servers, routers, and switches.

Although the current trends of attacks on African telecom companies still limits the consequences to disruption of activities and financial losses. The impact of these can be devastating, both on the companies who are already battling with unfriendly business situations and the subscribers whose daily interactions depend on the access to connection.

SIM cards and court cases

Kenya – Catherine Kainyu Murithi, a Kenyan former employee of Becton Dickinson and Company (BD East Africa), took her former employer and Safaricom PLC up in a privacy case which led to the two companies being fined Sh250,000 each by the Office of the Data Protection Commissioner (ODPC) of Kenya.

Catherine filed a complaint in November 2024, alleging that her ex-employer shared a copy of her national ID with Safaricom without her authorisation to facilitate the transfer of her work-issued SIM card back to her after her employment was terminated. On the 26th of February 2025, Data Commissioner Immaculate Kassait ruled that the actions of the two organisations were wrong and violated the Data Protection Act, which requires companies to inform individuals about how their data will be used and obtain consent. BD East Africa’s argument that the action was necessary and Safaricom’s excuse of only following instructions was struck out by the commissioner.

Recently, many countries across the continent including Nigeria, Ghana, Kenya, and Cameroon have mandated the linking of national identities to SIM cards. However, these stringent rules only apply to surface-level transactions. These requirements are being bypassed in flagrant disregard for privacy rules and the reason for the creation of the rule.

In Nigeria for instance, the Federal Government mandated every person to register physically for the National Identification Number (NIN) which must be linked with the SIM cards. However, this report by BusinessDay Newspaper showed that several preregistered SIM cards are being procured by Nigerians at selected markets. Some other allegations of misregistered SIM cards or linking of SIMs with different NINs led the Nigerian House of Representatives to launch a probe of the matter earlier in February this year. In 2024, Kenya also warned service providers about remotely registered SIM cards in as conduits for fraudulent deals.

Egypt Ponzi scam ring and growing cyber threat

Security forces in Egypt on Monday arrested 14 individuals involved in a large-scale online fraud scheme linked to the FBC platform, which deceived over 300 victims out of nearly EGP 8.2 million ($161,957). The suspects, consisting of 12 Egyptians, one Chinese, and one Japanese, were charged to court on Thursday after their arrest on Monday where authorities seized around EGP 1 million in cash and several mobile phones, computers used to manage the platform, and 1,135 SIM cards prepared for activating digital wallets to receive funds.

Notably led by foreigners who have links to international crime syndicates, the cybercrime gang operated a Ponzi scheme while fronting as a legitimate employment and investment platform with a company in Cairo and headquartered outside Egypt.

Their FBC scheme is an online scam that deceives Egyptians promising quick profits through fake investment opportunities and easy employment. It had all the indications of the popular Ponzi scheme, with the pyramid-style referral scheme. However, the scam ring was able to bring legitimacy with its promotional videos on YouTube and messages sent on WhatsApp to whitewash its reputation.

This is just one of the growing cyber threats in the Arabian country. Last Wednesday, at the Positive Hack Talks event in Cairo, Positive Technologies revealed that data breaches in Egypt are increasingly targeting individuals and online stores.

According to the Russian cybersecurity solution company, in 2023, personal data of two million Egyptian patients was leaked and sold online. Fawry, Egypt's foremost e-payment company, also suffered a breach the same year.

Over a hundred listings on dark web forums offer databases of stolen information of Egyptian citizens in 2024 alone, including one advertising the personal data of 85 million Egyptians and another listing 600,000 customer records from a major supplement store.

Past events have proven that the availability of these sensitive personal data in the darkweb can lead to more consequential incidents.

FEATURES

• This DW report went an extra mile to document the instances where Artificial intelligence is being used to influence democratic processes in Africa. It revealed that Deepfakes, cheap fakes and fake news are all weapons that can be produced cheaply and endlessly. From DR Congo to Rwanda, South Africa to Burkina Faso and other African countries AI-enhanced mis and disinformation are complicating democratic process and regional crisis in the region.

• The recent rescue of thousands of victims of pig butchering scams has, again, brought to the limelight how unsuspecting humans looking for opportunity get exploited by criminal syndicates. This study by Suleman Lazarus, Mina Chiang and Mark Button examines how cybercriminals exploit deceptive recruitment tactics and digital platforms to entrap and exploit victims in human trafficking within the cybercrime context.

HEADLINES

• Maybe EFCC boss Olukayode read our last newsletter, or not, but this week he warned stakeholders of organized foreign fraudsters establishing units in Nigeria.

ICYMI: Is Nigeria the next pig butchering hotspot?

• Nigeria’s anti-fraud agency remains bullish on its fight against cybercrime. This week, EFCC returned N78.5 million ($52,000) to some American, Spanish and Swiss victims of Nigerian scammers.

• Deepening its cloud service industry penetration in Africa, Chinese Huawei cloud is expanding in Africa with new availability zones in Egypt and Nigeria

• Ethio Telecomms launches seven new cloud-based enterprise services.

• With a digital strategy tagged “New Technological Deal,” Senegal set to transform into a digital hub by 2034 with a commitment of more than 1,100 billion FCFA to the commitment

• Nigeria’s NIBSS Fraud Report shows that fraudsters stole over N1 billion ($663 million) through BVN registered for minors in banks.

• In the wake of digital development in MENA, data breaches targeting individuals, online stores keep rising in Egypt: Report says.

ACROSS THE WORLD

• Hackers dipped into Bybit’s wallet and stole $1.4 billion in what is currently the biggest crypto theft ever.

• Meta fixes error that flooded Instagram Reels with violent videos.

• ‘12,000 Hardcoded Live API keys and Passwords Exposed in DeepSeek Data Leak