Russia-based cybersecurity firm unearths espionage on Kenyan firms



Global cybersecurity company Kaspersky Lab claims hackers spent six years monitoring and harvesting data from select Kenyan public and private agencies.

Kaspersky Lab, which is headquartered in Moscow, named the cyber-espionage threat ‘Slingshot’, said it is believed to have originated from an English-speaking hacker group, and did not rule out the possibility of the group being state-sponsored.

“While most of the victims appear to be targeted individuals rather than organisations, Kenya and Yemen account for most of the victims observed so far,” says Kaspersky Lab’s Lead Malware Analyst Alexey Shulmin in a report.

Kaspersky adds that the venture “appears very precious and profitable for the attackers, which could explain why it has been around for at least six years.”

It said 100 victims of ‘Slingshot’ and its related modules were mainly located in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.


In its latest Global Economic Crimes Report, financial services advisory firm PwC urged Kenyan firms to be on high alert in the next two years, saying cybercrime posed the biggest threat since up to 41 per cent of Kenyan businesses lacked an operational cyber-security programme.

Separately, on February 2, President Uhuru Kenyatta directed the Communications Authority of Kenya to slice off Sh1 billion from its Universal Service Fund and hand over the cash to the Directorate of Criminal Investigations to be used in strengthening the anti-cybercrime unit.

Kaspersky Lab’s statement said Slingshot’s main purpose seems to be cyber-espionage. Analysis suggests it collects screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more, although its kernel access means it can steal whatever it wants.