Namibia’s state telecom provider says hackers leaked data after it refused to pay ransom

Namibia’s state-owned telecom provider confirmed Monday that some of its customers’ data was leaked on the dark web following a ransomware attack.

Telecom Namibia attributed the attack to a threat actor known as Hunters International. According to the company’s chief executive, Stanley Shanapinda, the hackers made the stolen data public after Telecom Namibia had refused to negotiate with them about the potential ransom.

Dear Valued Customer and Stakeholder

Telecom Namibia assures its clients and stakeholders that it has put measures in place to safeguard confidential and sensitive data.

We will continue to share updates on any further developments as they come to light. pic.twitter.com/ku7nYautjU

— Telecom Namibia (@TelecomNamibia) December 16, 2024

“We don’t negotiate with cyber terrorists,” Shanapinda said in an interview with local media. “We know the sums they’re asking for are exorbitant and unaffordable, so there’s no reason to even consider discussing it. And even if you do pay a ransom, there’s no guarantee the information won’t still be leaked.”

The company didn’t specify what kind of data was stolen by the cybercriminals, but according to local media reports, the hackers accessed over 400,000 files, including personal and financial data belonging to some high-ranking government officials and Telecom Namibia’s clients.

The company said in a statement that it is currently analyzing the leaked data and working with local law enforcement to minimize any further exposure and risk to all its customers.

Some of the leaked data has reportedly already been circulating on social media, but Telecom Namibia warned individuals that it would be a criminal offense to share or use it for malicious purposes.

The Hunters International group emerged last October. It operates ransomware-as-a-service and was once believed to be a rebrand of the notorious Hive ransomware operation, which was dismantled by the FBI in January 2023. The group has denied the allegations about this connection, stating that they are a new service in the ransomware scene that purchased the encryptor source code from the Hive developers.

The gang is known for its attacks on companies in the health, automotive, manufacturing, logistics, financial, education and food industries.

🚨 Ransom group "Hunters International" publishes Telecom Namibia🇳🇦

Target: Telecom Namibia, a leading telecommunications https://t.co/qlvSsdg4p0: Fixed-line, mobile, and internet solutions.
Headquarters: Windhoek, Namibia.
Website: https://t.co/o19bAe4ayp#Ransomware… pic.twitter.com/ln9UDU8uMR

— Ransom-DB (@Ransom_DB) December 10, 2024

The group’s attack on Telecom Namibia attracted the attention of the country’s authorities. Namibia’s  President, Nangolo Mbumba, said he considers cybersecurity a crucial part of national security, according to his spokesperson Alfredo Hengari.

“In that vein, any threat to our security architecture, including cyberattacks, is dealt with the urgency it deserves,” Hengari said.

Confidential information from the Office of the President was reportedly leaked by Hunters International, although Recorded Future News couldn’t verify this claim.

The country’s security experts said that the customers affected by the Telecom Namibia breach can’t do much, as Namibia’s Data Protection Act, which could impose significant fines and penalties for such data breaches, has not yet been enforced. However, in some cases, they could be allowed to make claims for damages due to negligence in safeguarding data.

Amid the Telecom Namibia incident, another threat actor claimed to have gained access to the country’s Ministry of Health and Social Services and targeted the Ministry’s pharmaceutical data. These reports weren’t officially verified.