threat intelligence blog

OnNet does post blog entries under threat research to discuss cyber intrusions, counter cyber and cyber threat intelligence

#ForAdvancedCyberMethods

Recent Blog Entries

We pursue adversaries and share what's interesting, using military-grade CNO.

1

Understanding The Adversaries : The ForkBombo group.


The Forkbombo codename was derived from their email forkbombo@gmail.com 

This is a homegrown cyber threat actor that has been active since 2015 and has grown to a huge cartel made up of Money Launderers, Hackers, Coders, Operators and Insiders. This adversary represents constant threat to a wide variety of institutions mostly being the Banking sector around Kenya and its neighboring countries.

2

Tracking the 400 Mill Shillings.

SilentCards big come back

Our CNO team that is selectively tasked with offensive operations to gather CTI, for our customers so as to arm them with the most accurate intelligence, stumbled on a server, early 2018, that was used for a larger heist late last year, where the actor made 400,000,000 + KSHs payday.

3

The 2018 HailMary keylogger upgrade.

Keylogger Development


From last year, 2018, after the threat group discovered we, OnNet team, knew where the logger data was stored, mostly in %ProgramData% , this threat group overhauled their previous Fsociety-keylogger and decided to write a new one.

4

Insider Menace.

95% of insider threats are usually men.

Insiders that communicate and facilitate adversary groups are typically trusted male employees, which is constituted by some sense of failure in their life or need of money and lack of success which still outlines to that sense of failure.

5

Understanding Local AFTs.

For the last few years OnNet teams have been responding to a wide range of attacks by Local Nairobi Advanced Financial Threats.

These groups started upcoming and growing in 2016 and their trade-craft was simple and new to most banks and financial institutions. Their main focus is widespread theft of funds either through ATMs, Bill manipulation, Bank-to-Bank transfer and even Core Banking Software manipulation.

6

The toolsel AFTs used when they were a Cyber Cartel. 

The tools mentioned herewith, should now be detectable in every targeted environment

Before the Forkbombo operators went back into their smaller group, they used to be members of a Cyber Cartel that was build by one former Government official who was aware of the small teams as early as 2010 when cyber crime started to hit several East African financial institutions.

7

Loan Wipers – The Grapzone threat group. 

The tools mentioned herewith, should now be detectable in every targeted environment

Before the Forkbombo operators went back into their smaller group, they used to be members of a Cyber Cartel that was build by one former Government official who was aware of the small teams as early as 2010 when cyber crime started to hit several East African financial institutions.

8

SilentCards threat group expands around East and Central Africa... 

SilentCards, a threat group OnNet pursues, expands its intrusions around Central Africa after gaining footholds into several banks in Uganda, Tanzania and Rwanda..

The second in command of the former Cartel group branched off and formed this group which has raked out the biggest share in Cyber Crime across East Africa. The group has made out with around 2 Billion Kenya shillings from 2018 to mid 2019, targeting Saccos, Banks, Mobile Banking service providers, ISPs, Holding Companies, Hedge Funds, Betting Firms and Government financial sectors across East Africa.

8

Forkbombo Terminated!!!

A cyber threat group that caused chaos in the financial sector due to coordinated heists was taken down in Kigali late last year(2019).

This group flourished for several years after the main Cyber Cartel was taken down in 2017, with the third in command assuming Operational Command...