Who hacked M-Tiba?
This week on African infosec
CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.
HIGHLIGHTS
Who hacked M-Tiba?

A threat actor named Kazu is advertising 2.15 terabytes of data, allegedly stolen from M-TIBA and containing the sensitive records of 4.8 million Kenyan users, including treatment diagnoses and links between specific individuals and the medical centers where they received care. In finance, we worry about the cost of a credit card breach. In health, the cost is reputation destruction and, more importantly, personal extortion and targeted fraud.
M-TIBA was launched in 2016 through a partnership between CarePay, Safaricom (Kenya's telecom giant), and the PharmAccess Foundation. It’s a mobile platform that lets users save, send, and spend funds specifically for medical treatment. It’s praised as an engine for financial inclusion and a path toward universal health coverage, impacting 4.8 million lives and partnering with thousands of providers. M-TIBA's brilliance is also its vulnerability. It acts as a centralized hub connecting three critical, high-value data pools: mobile money, insurance data, and medical records.
Kazu is a financially motivated data broker who operates primarily on Russian-speaking cybercriminal forums. They find huge, sensitive databases, steal them, and sell them for maximum profit. Their recent portfolio includes:
September 2025: Claimed access to the Government of Dubai’s Ports, Customs, and Free Zone Corporation (PCFC), leaking 1.94 TB of data (passports, IDs) for an asking price of $50,000.
July 2025: Claimed a breach of the Royal Thai Police, boasting a leak of over 122 GB of law enforcement records (arrest reports, internal comms).
Kazu is an emerging name, so there’s still so much we don’t know about them. There might be an important point here. There’s a difference between Kazu’s breaches of the Dubai Government infrastructure and the Thai Police and the breach of M-TIBA. Breaching government networks often involves exploiting vulnerabilities in perimeter defenses and pulling highly classified but often poorly segregated data dumps. A consumer-facing platform is a tad different. There’s presumably more active reconnaissance in breaching M-TIBA than in their previous portfolio.
Three elections, two internet disruptions
The optimistic view of the African continent's digital future was the Leapfrog Model: mobile money, instant connectivity, and an explosion of innovation (like Cameroon’s Silicon Mountain). The Internet was viewed as an engine of development and a key driver of the UN SDGs, specifically Goal 9c: universal and affordable access to the Internet.
When governments started flicking the switch, the international community's response was sharp and ostensibly unified. In 2016, the UN Human Rights Council passed a resolution condemning countries that prevent or disrupt online access and calling for free speech protections. Afterwards, the African Commission on Human and Peoples' Rights declared that governments should not disrupt internet access for segments of the public or an entire population. These were the moral and legal floor for digital access in African nations. International advocacy groups like Access Now and local tech entrepreneurs complained about the financial damage, often stating that shutting down the Internet is a self-inflicted economic wound.
In the past week, internet disruptions have been witnessed in Cameroon and Tanzania, two of the three African countries that held elections in October. Ahead of the general election on October 29, 2025, and amid a wave of deepening political repression, Tanzania imposed nationwide internet restrictions and severe disruption of mobile data services. In Cameroon, the internet was shut down following protests alleging electoral fraud.
Russia keys in on Ugandan surveillance
State surveillance is simple. The state says, “I want to keep my people safe, and to do this, I need to know what everyone is doing.” Uganda’s relationship with Russia reached a new level when a 10-year contract was awarded to a Russian company, the Joint Stock Company Global Security, to implement an Intelligent Transport Monitoring System (ITMS).
The pitch is that it will track drivers involved in illegal activities and enforce an express penalty system.
The Russian firm is providing digital number plates embedded with RFID chips and tracking devices that can transmit location data in real time. The Ugandan government is also making vehicle owners pay for the privilege of being spied on. Initial costs include an installation fee and the cost of the new plate. ITMS is designed to integrate with the US$126 million Chinese-supplied CCTV "smart city" network (from Huawei) that already blankets Kampala.
FEATURE
An investigative report by Lighthouse Reports and a coalition of over 70 journalists exposes the global proliferation and misuse of a sophisticated phone-tracking software called Altamides, developed by the Austrian company First Wap. The investigation, sparked by a vast trove of 1.5 million tracking records found on the deep web, reveals how Altamides exploits the SS7 telecommunications protocol to pinpoint the real-time location of phones worldwide, across over 160 countries.
This interview with Dr. Albert Antwi-Boasiako, the former Director-General of Ghana’s Cyber Security Authority, offers an insightful look at the evolution of cyber threats in West Africa. Dr. Antwi-Boasiako explains that the region's cybercrime, once focused outward (like the infamous "419" scams targeting Westerners), has critically shifted inward, now targeting the region's own critical infrastructure and digital transformation initiatives (digital IDs, paperless ports, etc.).
HEADLINES
Microsoft warns Africa is unprepared as the Nigerian private sector faces rising threats
Airtel strengthens presence with new data hubs in Nigeria, Kenya
Absa and Huawei Launch Private Cloud to Drive Digital Banking Innovation
Cameroon's Internet access disrupted as election protests continue
Algeria moves to tighten regulation of TikTok, Facebook, and YouTube
Burkina Faso Launches National AI Campaign to Promote Digital Sovereignty
National Week Against Cybercrime: Burkina Faso's Ministry of Security kicks off campaign
Zimbabwe officially signs the United Nations Convention against Cybercrime
ACROSS THE WORLD
OPPORTUNITIES
See you next week.