This is a homegrown cyber threat actor that has been active since 2015 and has grown into a large cartel made up of money launderers, hackers, coders, operators and insiders. This adversary represents a constant threat to a wide variety of institutions, mostly in the banking sector in Kenya and its neighbouring countries.
Our CNO team, which is selectively tasked with offensive operations to gather CTI for our customers so as to arm them with the most accurate intelligence, stumbled in early 2018 on a server that had been used for a large heist late the previous year, in which the actor made off with a payday of over KSh 400,000,000.
From 2018, after the threat group discovered that we at OnNet knew where the logger data was stored (mostly in %ProgramData%), the group overhauled its previous Fsociety keylogger and wrote a new one.
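The report does not name the logger's output files, but the staging location alone is enough to hunt on. The PowerShell below is an added example written for this page, not OnNet's tooling or the actor's code: it walks %ProgramData% for recently written capture-style files and flags the ones that are being appended to over time, which is how a keystroke logger behaves. The 7-day window, the extension list and the "appended for more than 30 minutes" threshold are assumptions to tune per environment.

```powershell
# Added hunting example (not from the original report). Assumptions, not facts from the page:
# the logger writes plain-text capture files under %ProgramData% that keep growing,
# whereas legitimate vendor folders there are mostly written once at install time.

$lookback   = (Get-Date).AddDays(-7)          # assumed look-back window
$root       = $env:ProgramData
$suspectExt = @('.txt', '.log', '.dat', '.tmp', '.bin')   # heuristic extension list

function Get-ProgramDataLoggerCandidates {
    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.LastWriteTime -ge $lookback -and
            $suspectExt -contains $_.Extension.ToLower()
        } |
        ForEach-Object {
            # A file whose last write is well after its creation time is being appended to,
            # which is what a logger does and what a one-off installer log does not.
            $appendedMinutes = ($_.LastWriteTime - $_.CreationTime).TotalMinutes
            [PSCustomObject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Created   = $_.CreationTime
                LastWrite = $_.LastWriteTime
                Appended  = $appendedMinutes -gt 30      # assumed threshold
                Hidden    = ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
            }
        }
}

# Show the most recently written candidates first; hidden, still-growing files deserve a look.
Get-ProgramDataLoggerCandidates |
    Sort-Object LastWrite -Descending |
    Format-Table -AutoSize
```

Run it as an administrator so hidden and ACL-restricted subfolders are enumerated. Treat the output as a triage list rather than a verdict: the next step is to check which process holds a flagged file open and whether that binary has a legitimate publisher.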
Insiders who communicate with and facilitate adversary groups are typically trusted male employees, motivated by some sense of failure in their lives, a need for money, or a lack of success that feeds back into that same sense of failure.
These groups began emerging and growing in 2016, and their tradecraft was simple but new to most banks and financial institutions. Their main focus is widespread theft of funds through ATMs, bill manipulation, bank-to-bank transfers and even manipulation of core banking software.
Before the Forkbombo operators went back to their smaller group, they were members of a cyber cartel built by a former government official who had been aware of the small teams as early as 2010, when cyber crime started to hit several East African financial institutions.
The second in command of the former cartel branched off and formed this group, which has taken the biggest share of cyber crime across East Africa. The group made off with around KSh 2 billion between 2018 and mid-2019, targeting SACCOs, banks, mobile banking service providers, ISPs, holding companies, hedge funds, betting firms and government financial sectors across East Africa.
This group flourished for several years after the main cyber cartel was taken down in 2017, with the third in command assuming operational command...
Over the last few months, OnNet has witnessed a growth in new cyber gangs, some of which broke off from the major known groups and use some of the TTPs observed in those groups. Though OnNet is still collecting on and attributing these so-called “new” operational actors behind the heists, a new wave of attacks on education centres, travel/accommodation companies, insurance organisations and hospitals has increased.