BianLian attacks BGFI Banking Group; African countries affected by ChatGPT accounts compromise; Suspected state-sponsored hackers target Middle East and African governments.
CybAfriqué is a weekly newsletter covering news and analysis on cyber, data, and information security on the African continent.
BianLian attacks BGFI Banking Group
On Thursday, cybersecurity researcher Clément Domingo (aka SAXX) confirmed that the Congo subsidiary of the BGFI Banking Group was breached by the BianLian group the day before. The BianLian group is asking for 55 BTC ($167,000) in order not to release over 250GB of very sensitive stolen data, including financial documents, staff and board data, customer data, personal files, credit reports, bank loans, and administrative files.
The BGFI Banking Group is a private African financial institution born in Gabon, with subsidiaries across ten African countries. In 2021, the group was also accused of enabling public fund diversion after a data leak exposed financial documents to the public.
The BianLian group is a relatively new ransomware and data extortion group that has mostly targeted organizations in the United States, United Kingdom, and Australia.
To the best of my knowledge, this is the group’s first known attack on an African entity, but it sits well in a recent disclosure of breaches affecting financial institutions in Africa. It’s also one of the few affecting large financial institutions on the continent. As has already been preached over and over again, the tech infrastructure powering most of the continent’s financial ecosystem needs a lot of security work.
BGFI Bank Group is yet to issue any official statement on the situation, and probably will not.
African countries affected by ChatGPT accounts compromise
A report by Group-IB recently revealed that over 100,000 ChatGPT accounts have been compromised across the world. Roughly 25,000 of these accounts are said to be from the Middle East and Africa (MEA) region. The majority of these compromises are attributed to the Raccoon Info Stealer malware, which is sold for around $70 - $200 on the dark web.
Egypt, which tops the list in the MEA region, accounts for more than 4,500 accounts, followed by Morocco (2,647), Algeria (2,002), Turkey (1,922), and Kenya (1,575).
Compromised accounts hold histories of queries and replies from the ChatGPT AI. In light of increased AI use by businesses, these accounts might hold sensitive data and information.
Suspected state-sponsored hackers target Middle East and African governments
Speaking of the Middle East and Africa, suspected state-backed actors have been targeting government entities in the region with credential theft and data exfiltration attacks, according to researchers at Palo Alto Networks. The hacking group behind this attack is yet to be identified with any previously known actor, but is said to have an organization associated with state-sponsored APT groups.
The threat group uses network providers to plant malicious instructions, and once they break into a network, they expand their reach using an open-source penetration testing tool known as Yasso. They also take advantage of Exchange Management Shell and PowerShell snap-ins to harvest emails, a trick known to be used by Silk Typhoon, a Chinese state-sponsored group known for exploiting Microsoft Exchange Servers.
Features
Nigeria’s new data protection law looks good on the surface, but law practitioners say it still needs some work. Issues such as its failure to clearly define whether the law protects only natural persons or also covers artificial entities such as businesses and corporations are specific loopholes that cannot be overlooked. Read TechCabal’s Ganiu Oloruntade’s story on the importance of this issue.
This piece by News24 argues that although Nigeria was Africa’s frontrunner in cybercrime, South Africa is fast becoming Africa’s cybercrime capital.
Ephraim Modise delves into the drivers and threat of cybercrime for South African startups, and how the startups are responding, for TechCabal.
Kunle Adebajo explores the relationship between Nigeria’s violent militia groups and social media propaganda, for Humangle.
France has often been on the receiving end of disinformation campaigns by Russia and the Wagner Group in Africa, playing heavily on the history of colonization and decades of neo-colonial presence and manipulation. Now, as France finalizes its withdrawal from Africa, plans to map, expose, and fight Russian/Wagner’s disinformation are set into motion. By Reuters.
For The Hustle, I reported on the risks, drivers, and intricacies of counterfeit software use in Africa and most developing countries.
This piece argues that it is not just the role of social media companies to fight disinformation in Kenya. Along with fixing algorithms, ordinary people need to be more aware.
Headlines
Senegal Ranks First in African Cybersecurity, followed by Nigeria. - TechInAfrica
Ivory Coast celebrates 10 years since it first signed its Data protection bill into law. - African Cybersecurity Magazine
Three Africans make it to the 2023 Global Cybersecurity Women of the year. - African Cybersecurity Magazine
Two South African Toyota dealerships fall victim to BEC fraud. - Moneyweb ZA
Following the signing of the new personal data protection law, The Nigeria Data Protection Commission says it’s fined seven banks and institutions 200 million naira ($263,000) over data breaches. - The Nation Nigeria
Akira Group denies the hack of South African Development bank, says unknown actor used their ransomware - Dominic
Only 15% of Nigerians use social media but the CBN demands that banks verify handles as a KYC requirement - TechNext
Across the world
Khashoggi’s widow sues Israeli spyware firm NSO for enabling the murder of her husband and abusing her safety, privacy, and autonomy.
Post note
Yayy! This is the tenth edition of CybAfriqué, and I’d like to thank the individuals who make running this newsletter way easier than it would normally be, especially my assistant, Raheemah Olawuyi. I’m also thanking you, who have stuck around with us.
Remember to share and subscribe. See you next Tuesday.