Everest gang hacks ZESA, Zimbabwe’s power utility
Zimbabwe’s power utility ZESA Holdings has been attacked by the Everest ransomware group.
The ransomware group claimed yesterday that it has access to internal financial data, employee data, and customer data after breaching ZESA’s systems.
Everest Ransomware is a group of cybercriminals responsible for creating and disseminating ransomware that encrypts files on a victim's computer and demands a ransom for their decryption.
On X (formerly Twitter), the group stated that the entire infrastructure of ZESA Holdings, including divisions ZETDC, ZENT, and Powertel, was attacked.
“ICS, IPMP, Smartvend, various Oracle servers, big part of backups were also attacked. Terabytes of internal (and interesting) data has been exfiltrated to our servers.
“1. Internal financial data (including World Bank’s data and Indian bank transactions and documents), 2. various system documents, such as Indra(ES) and inhemeter(CN), 3. employee personal data and 4. Smartvend customer data and previous customer personal data.
“The general managers of the company were re-notified about this situation. In order to restore the systems and prevent the publication of data and subsequent damage, the person in charge should contact us using the instructions as soon as possible.”
There was no immediate response from the company.
ZESA is the latest victim of the Everest ransomware operators, who also claimed to have compromised Eskom, South Africa’s state-owned power utility, last year.
In March 2022, Everest ransomware operators announced the transfer of root access to the South African electricity company for $125,000.
According to analysts, cyber-attacks on African institutions are increasing as the continent has become a focal point for cyber threats.
Nigeria increased its cyber security alert level earlier this week in response to attacks by a Sudanese hacker group. The National Information Technology Development Agency issued a warning to the nation, stating that its computer emergency readiness and response team had discovered that a hacking group had targeted critical digital infrastructure.
Prior to the Nigerian attack, the group employed a comparable strategy in Kenya, where it recently attacked Safaricom, Kenya's largest telecommunications company.
Anonymous Sudan targeted digital services in Kenya last month. The group claimed responsibility for a series of DDoS attacks on Kenyan public and private institutions.