
A repository for tracking events related to cybersecurity incidents in Nigeria, as reported publicly, documented by affected organizations and shared internally within the cyber community


ngwhitehat/Nigeria-Cyber-Incidents

 
 


Nigeria-Cyber-Incidents

A repository for tracking events related to the cybersecurity incidents in Nigeria, as reported publicly, documented by affected organizations or shared internally within the community. See problems we are solving with this.

Report an Incident NOW


Publish Date Type Description Source
November 2014 Defacement The website of the Federal University of Technology, Minna (FUTMINNA) in Nigeria was defaced. Nairaland
January 2015 Defacement In January 2015, a group of hackers called Lizard Squad defaced the official website of the Nigerian Defence Headquarters, displaying a message that read: “Hacked by Lizard Squad. Official Cyber Caliphate”. The group claimed to be affiliated with the Islamic State militant group and Boko Haram, and threatened to release sensitive information from the website. Wikipedia
July 2015 Defacement In July 2015, a group of hackers called the Nigerian Cyber Army defaced the official website of the Independent National Electoral Commission (INEC), displaying a message that read: “Sorry xD Your Site has been STAMPED by TeaM Nigerian Cyber Army. FEEL SOME SHAME ADMIN!! Security is just an illusion”. The group claimed to be protesting against the alleged rigging of the 2015 general elections. Premium Times
September 2016 Defacement The website of the University of Ilorin (Unilorin) was defaced Nairaland
June 2017 Defacement In June 2017, a group of hackers called Team System DZ defaced several Nigerian government websites, including those of the National Health Insurance Scheme, the Nigerian Ports Authority, and the Nigerian Investment Promotion Commission. The hackers posted messages that read: “Hacked by Team System DZ. I Love Islamic State”. The group also claimed to be affiliated with the Islamic State militant group Premium Times
October 2017 Defacement In October 2017, a group of hackers called AnonPlus defaced the official website of the Nigerian Police Force (NPF), displaying a message that read: “Hacked by AnonPlus. This account has been hacked by AnonPlus. We are not criminal, we are not terrorist. We are people who fight for freedom and justice”. The group claimed to be affiliated with the Anonymous movement and demanded the release of Nnamdi Kanu, the leader of the Indigenous People of Biafra (IPOB) separatist group Pulse
2018 Defacement In 2018, the official website of the National Assembly was hacked and defaced by a group called Eagle Eye, which posted a message accusing the lawmakers of corruption and demanding accountability. Pulse
September 2018 Data Leakage The author discovered an open Amazon S3 bucket containing sensitive data of Arik Air customers, such as names, emails, credit card details, travel itineraries and 2FA codes. The author tried to notify Arik Air via various channels but received no reply for a long time. It took about one month for Arik Air to secure the bucket after the initial notification. Analysis of the data revealed some interesting patterns, such as the most common email providers, currencies, card types, business names, countries and payment types of the customers. The analysis also showed how the data could be used to track a customer’s travel history and identity. Rainbowtabl
August 2019 Insecure Misconfiguration & Data Exposure The website yellowcardnigeria.com, a service for the Federal Ministry of Health to validate yellow cards, has been compromised and exposes users’ private information. The website housed sensitive health information for Nigerian air travellers who have been vaccinated against yellow fever. Business Day
November 2019 Defacement In November 2019, a group of hackers called Ghost Squad Hackers defaced several Nigerian government websites, including those of the Ministry of Justice, the Ministry of Defence, and the Ministry of Finance. The hackers posted messages that read: “Hacked by Ghost Squad Hackers. We are here to expose your corrupt government. You can’t silence us”. The group claimed to be exposing corruption and human rights violations in Nigeria. The Cable
2019 Ransomware In 2019, the University of Ibadan was hit by a ransomware attack that encrypted its academic records and financial data. The attackers demanded $1,200 in Bitcoin for the decryption key. Premium Times
December 2019 Data Breach Surebet is a Nigerian online sports betting operator that suffered a data breach in December 2019. The breach exposed the personal and financial information of over 32,000 customers, including names, addresses, phone numbers, email addresses, bank account numbers, and betting histories Business Day
December 2019 Data Breach The LIRS data breach was a cyberattack on the Lagos State Internal Revenue Service (LIRS), a Nigerian tax agency, in December 2019. The attack exposed the personal information of taxpayers of Lagos State such as names, addresses, phone numbers, email addresses, and tax identification numbers Business Day
March 2020 Resource Hijacking / Crypto Miners Infection A cybersecurity team reported its experience with crypto-mining malware in organizations. The team found that the malware used PowerShell to disrupt legitimate processes and infect critical servers in an energy distribution company and ISPs in Nigeria, thereby disrupting core business. CyberDome
July 2020 Source Code Leakage A recent source code leak affected dozens of companies, including TeamApt, a Nigerian payment company. The leak was caused by a vulnerability in a tool that scans for bugs and vulnerabilities in the source code. TeamApt’s CEO said that only snapshots of code were exposed and no data or configuration was leaked. He also said that the hackers have deleted the source code and the vulnerability has been patched. Business Day
October 2020 Defacement In October 2020, a group of hackers called Anonymous defaced several Nigerian government websites, including those of the Central Bank of Nigeria, the Economic and Financial Crimes Commission, and the Independent National Electoral Commission. The hackers posted messages that read: “We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us”. The group claimed to be supporting the #EndSARS protests against police brutality in Nigeria Guardian
April 2022 Data Breach A data breach affecting the Nigerian organization PLASCHEMA (Plateau State Contributory Health Care Management Agency) exposed the personal data of thousands of citizens Website Planet
April 2022 Ransomware Bet9ja is a Nigerian online sports betting operator hacked in April 2022 by a group of hackers known as the Russian Blackcat (ALPHV) group. The hackers launched a cyberattack on the Bet9ja website and disrupted its services for several hours Nairametric
April 2022 Breach CyberPlural MSSP believes there was an ongoing campaign targeting organizations' networks in Nigeria. From what was observed during this period, the threat actor(s) (TA) leveraged vulnerable servers and apps for initial access, used exploitation toolkits like Cobalt Strike, and possibly had a larger goal of #ransomware deployment. CyberPlural
May 2022 Ransomware An individual report from a university lecturer of a ransomware incident involving IFLA Ransomware, in which all important school work and files were encrypted. A ransom note pointing to a $450 payment in Bitcoin was found. Investigation revealed that an info stealer (RedLine) was executed on the affected laptop, carting away credentials before the ransomware execution. The reporting MSSP also found the user to be a fan of torrents and cracked software. CyberPlural-MSSP
May 2022 Data Breach & Stolen Fund MoMo PSB suffered a breach in May 2022, just days after its launch, that resulted in the loss of 22 billion Naira ($53 million). The breach involved 700,000 unauthorized transfers to about 8,000 accounts in 18 Nigerian commercial banks. MoMo PSB claims that the transfers were done in error and that no customer funds or data were affected qz.com
June 2022 Security Misconfiguration & Stolen Funds Hackers withdrew ₦1.755 billion from Globus Bank customers’ accounts after a system glitch in its USSD channel. Globus Bank recovered ₦817,998,969.85 from the fraudsters’ accounts but could not retrieve ₦962,019,843.35 from eight other banks. Globus Bank filed a suit at a high court in Lagos to recover the outstanding funds and obtain account information of the beneficiaries. Business Post
July 2022 Compromise OWA Web Service Several .gov.ng OWA web services/servers, along with those of some private organizations, were compromised in H1 (first half) of 2022, including that of the Lagos State government. The community reveals that some hackers have compromised and sold valid email accounts from these operations. Community
September 2022 Phishing / Credential Theft A threat actor (TA) used the InterPlanetary File System (IPFS) to host a phishing script that targeted businesses/organizations in Nigeria. The report shows how the TA delivered an email with a hyperlink that points to an IPFS address. When the user supplies any email address with the domain after the hash (#) sign, the phishing script loads the organization’s website in the background and automatically fits in the logo to make the sign-in box more believable to unsuspecting users. CyberPlural
October 2022 Defacement The Abia State Government website was defaced with a message demanding 0.248BTC as ransom Nairaland
November 2022 Ransomware An individual report of a ransomware incident where files were encrypted and all changed to the .FATP extension (a variant of DJVU ransomware), and the ransom note requested $950 in Bitcoin from the user. Further investigation revealed that the user's credentials had been stolen, and the victim's refusal to pay led to damage to cloud resources whose credentials had been stolen. Lack of 2FA on the cloud accounts led to that damage. CyberPlural-MSSP
November 2022 Defacement The admission portal of the University of Ibadan (UI) was defaced. Federal Character
December 2022 Defacement In December, a group of hackers called z7F HaCkEr defaced the NITDA main website. Community
January 2023 Phishing / Data Collection A malicious actor created a fake portal for the 2023 General Election in Nigeria, using a domain with a spelling error (Recriutment) and phishing for users’ personal information. The same domain has been hosting similar fake platforms since 2022, targeting users in Nigeria, Ghana and Kenya with fake youth empowerment, jobs, visa sponsorship and grants from presidential aspirants. The malicious actor uses a URL shortener (Lyupz) to hide the main domain and distributes the links through WhatsApp Groups, relying on unsuspecting users to share them with others CyberPlural MSSP
January 2023 Ransomware A federal agency experienced a ransomware incident on one of its internet-facing servers where all files in the shared folder got encrypted. The ransom note read that the files had been encrypted by 0XXX Virus and that victims could buy decryption for $300 USD in Bitcoin by sending the unique ID to sergev_petrov1983@mail.ru. Whitehat.NG
March 2023 Breach and Stolen Funds Hackers transferred over ₦2.9 billion from Flutterwave accounts in early February 2023. Flutterwave reported the case to the police and filed a suit to freeze accounts in 27 financial institutions in Nigeria where some of the money was moved. Flutterwave denied the hack and claimed that no user lost any funds. It also said it invests heavily in security measures such as audits, certifications, and licenses. Some Twitter users confirmed that their accounts were frozen or locked as a result of the hack. Some also questioned Flutterwave’s security and transparency Tech Cabal
March 2023 Defacement Babcock University's Information Management System (UIMS) Account was hacked and the website was defaced with pornographic content Premium Times
April 2023 Ransomware The Leadway Assurance hack was an attempted cyberattack on the Leadway Assurance Company Ltd., a leading Nigerian insurance company, in April 2023. The attack was allegedly carried out by the ALPHV ransomware group, a cybercriminal gang that encrypts and steals data from its victims. Sample data was released to the dark web. FalconFeedsio
May 2023 Insider Threat & Stolen Funds The hackers of Afriq Arbitrage System (AAS), a global crypto space, were led by one of its staffers, Abayomi Segun Oluwasesan, who betrayed his boss, Jesam Micheal, while he was undergoing a liver transplant. Abayomi and his cohorts hacked the platform and withdrew several millions of dollars from over 100,000 investors from over 75 countries. They spent the money on exotic cars, properties, citizenships, and travel. The hacking incident crashed the platform and left many investors in suicidal, traumatic, and helpless situations. Some of them lost their retirement savings, family members, and lifelines. They demand justice for Abayomi’s crimes. Independent
May 2023 Controversial Disclosure A controversial LinkedIn post by David Sennaike about Nigeria's Financial Institutions and the plethora of vulnerabilities on which they operate generated a lot of comments and received mixed reactions from Cybersecurity leadership across the Financial Space Community
May 2023 Breach & Stolen Funds Patricia recently announced a breach on its retail trading app, which froze withdrawals for users. The announcement reveals that the breach happened in January 2022 and cost the company $2 million. Tech Cabal
July 2023 Defacement The Ogun State Government website was defaced with a message hinting that the technical team should update their security. Punch
July 2023 Ransomware Globacom Nigeria's recent ransomware attack was a cyberattack on Globacom Nigeria Ltd., a leading Nigerian telecommunications company, in July 2023. The attack was allegedly carried out by a known ransomware group (ALPHV), a cybercriminal gang that encrypts and steals data from its victims. The hacker, who is demanding $2.5m, claims to have been in control of the network for 12 days undetected Community
August 2023 DDoS On August 1, 2023, Anonymous Sudan declared on their Telegram channel that it would launch cyberattacks on Nigeria’s vital information systems. This was in response to Nigeria’s participation in ECOWAS’s recent instructions to the Nigerien military to hand over power to the democratically elected government of the Niger Republic. This planned attack began on the 2nd of August, with MTN Nigeria leading the victim list, and a partial service outage was observed by customers and users of various services. Community, ngCERT, Whitehat.NG
August 2023 Info & Credential Stealer Malware Campaign Several MSSPs and private SOCs were reporting cases of information and credential stealer malware in their various constituents. One reported that some markets and forums on the dark web have started listing credentials stolen from different Nigerian platforms for sale for as low as $10 per credential. RedLine, Raccoon, Lumba and other samples have been reported so far. Whitehat.NG Telegram, CyberPlural
August 2023 Ponzi Scheme Crashed Off In a harrowing turn of events, Nigeria has been rocked by what is now known as the MTFE Ponzi scheme, an audacious crypto fraud that duped unsuspecting investors out of a staggering $1 billion. Most tragically, the majority of victims hail from the northern regions of the country, serving as a grim reminder of the critical role that knowledge plays in safeguarding oneself against Ponzi schemes and fraudulent crypto projects. Binance Blog Whitehat.NG
October 2023 Ransomware A notable construction company in Nigeria was recently attacked by the Mallox Ransomware Group. The attack resulted in the encryption of critical servers, and the group demanded a ransom which the company refused to pay. This incident is part of a recent trend of increased activity by the Mallox ransomware group over the past few months. Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware strain that specifically targets Microsoft (MS) Windows systems. The group has been active since June 2021 and is known for exploiting unsecured MS-SQL servers as a penetration vector to compromise victims' networks. Whitehat.NG Telegram
November 2023 Ransomware An internet-facing server of a federal agency was recently involved in a ransomware incident. During the incident response, it was discovered that the server was running an older version of the operating system, Windows Vista. The ransom note demanded that the victim write their ID as the message title and send it to back2up@swismail[.]com. All encrypted files had the .Elbie extension. Whitehat.NG
November 2023 Ponzi Scheme A purported e-commerce earning app called SRA, which gained popularity in some states in North Central Nigeria, has recently crashed. The app was known to offer investment opportunities and allowed users to earn money by fulfilling orders. Unfortunately, it has now been revealed that the app was a scam, and thousands of unsuspecting users in the affected states have lost all of their investments. Community
November 2023 Ransomware The Meow ransomware group has announced that they successfully breached Wema Bank. A post on the leak site included the bank's details and user/machine accounts from its domain controllers, with a threat to release additional data if the bank doesn't negotiate. The breach is believed to have occurred in September, prior to the listing in November. Whitehat.NG Telegram FalconFeeds
December 2023 Ransomware In a developing story, the Mallox ransomware group has seized control of the server of a federal commission responsible for regulating an industry where one of the top players had previously experienced an incident caused by the ALPHV group earlier this year. The ransomware group is demanding payment, and all data on the affected server is currently encrypted. Whitehat.NG
March 2024 Phishing Campaign A report describes malicious actors who have been quick to capitalize on the situation by setting up fake or replica versions of corporate banking websites to deceive individuals into divulging their personally identifiable information. By mimicking the legitimate interfaces of banks, these fraudulent websites trick users into entering sensitive data, such as login credentials, token codes, and NINs, under the guise of security compliance. CyberPlural MSSP
May 2024 Ransomware A major merchant bank has fallen victim to a devastating ransomware attack by the LockBit 3.0 gang. The alarming aspect is that the bank's backup systems have also been affected, further complicating the recovery process Whitehat.NG Telegram
May 2024 Ransomware A prominent Nigerian engineering and construction firm serving the oil and gas industry has been targeted by the Black Suit ransomware. The attack has disrupted the company's operations, raising concerns about the potential impact on its clientele and the broader industry Whitehat.NG Telegram
May 2024 Breach & Stolen Fund In April 2024, Flutterwave experienced a security breach that allowed unknown individuals to illegally transfer billions of naira to various bank accounts. According to sources, the perpetrators diverted at least ₦11 billion ($7 million), with claims that the actual amount could be as high as ₦20 billion ($13.5 million). This incident is the latest in a series of security breaches at Flutterwave, raising concerns about the company's ability to protect its clients' funds and data. Flutterwave has not yet provided an official statement on the matter, and the investigation is ongoing. Tech Cabal
June 2024 Hacking A threat actor or group known as ParanoidHax has compromised the push messaging feature of a payment app used by a telecom service provider in Nigeria. They sent a notification to nearly 13,000 users, demanding that the ISP contact them at mr.claratzz@proton.me to pay 10 million Rupiah (approximately 985,000 Naira) to prevent the database from being put up for sale. Whitehat.NG Telegram
June 2024 Defacement Security researchers have reported that they have discovered defacement pages on the websites of four tertiary institutions. The researchers have reported this incident to the relevant Computer Emergency Response Team (CERT) so that the affected institutions can take appropriate actions. Whitehat.NG Telegram
June 2024 Ransomware A federal agency report disclosed a Conti ransomware incident that targeted the agency's entire network infrastructure. A server managed by a consultant was impacted by the attack. However, the incident was well responded to and contained Whitehat.NG Telegram
June 2024 Breach and Stolen Fund According to the bank, the 1.7 billion hack that occurred last year was a result of a technical glitch in its USSD channel. The bank was able to recover some of the stolen funds. However, the remaining 1.1 billion of the stolen money has been tracked back to previously engaged ICT staff of the bank. The bank has approached the court to obtain an order to freeze the accounts containing the 1.1 billion in stolen funds. Nairametric
July 2024 Ransomware An indigenous cloud service provider experienced a security breach in the management section of its cloud service infrastructure, resulting in operational downtime. According to reports from the CERT, the Phobos ransomware group was identified as the culprit behind the incident. Whitehat.NG, Nairametric
August 2024 Cyber Squatting A leading bank in Nigeria experienced an isolated incident affecting the availability of its website domain, which was down for a few hours before being restored. There are speculations that this disruption was an attempt at cybersquatting due to delayed registration. Importantly, this incident did not involve any compromise of customer personal data. Whitehat.NG Telegram Punch

Issues Affecting Cyber Incidents Reporting

The main issues affecting reporting cyber incidents in Nigeria are:

  1. Trust and Cultural Problems: Nigerian organisations have trust issues with security researchers who find vulnerabilities or get access to company data. Some organisations may intimidate or sue the researchers instead of fixing the issues. Some organisations may also fear losing their reputation, investment or customers if they disclose cyberattacks.
  2. Lack of Enforcement: The Cybercrime Act mandates individuals and organisations to report cyberattacks to the National CERT, but there is no serious enforcement of this law. People do not feel the need to report these incidents, and there is no database of known breaches or how they happened.
  3. Low Prioritization of Security: Many organisations treat security as an afterthought and do not have a dedicated or full-time cybersecurity role. They adopt basic security practices but rarely have a team handling this critical part of their systems. This makes them more vulnerable to cyberattacks and less prepared to respond to them.
  4. Limited Reporting Channels: There are limited reporting channels for cyber incidents in Nigeria, which may make it difficult for individuals and organizations to report incidents.
  5. Lack of Trust in Authorities: There is a general lack of trust in Nigerian authorities, which may discourage individuals and organizations from reporting cyber incidents.
  6. Fear of Legal Repercussions: Some individuals and organizations may be hesitant to report cyber incidents due to fear of legal repercussions or negative publicity.
  7. Lack of Awareness: Many individuals and organizations in Nigeria are not aware of the importance of reporting cyber incidents. They may not know what constitutes a cyber incident or who to report it to.
