Some of the trainings we have done, that showcase CNO operations in real world, are going to be on this book.
It’s fiction, but can also be used as a manual to develop teams and programs that can be used against adversaries.
Coming to you this ‘23, #C0nn3ctB4ck
Happy 2023.
Instead of a snatch-and-grab op on a mere blogger, please use Cyberops.
Abducting and killing young kids will just bring more wrath against the government.
Rather code than coffins.
https://t.co/5RXgUCHmuN
The funny thing is that some of these older ODM bloggers were serious orchestrators of Hacktivism by Anonymous groups in Kenya from 2013 to 2015.
All those Kenyan https://t.co/J01pzs1xoo sites that were being defaced, we ended up tracking most of the material support to some of these bloggers. They would approach young Pentesters and RedTeamers, and since the Kenyan government had cyber capabilities then, it was easier to run OCO and covertly get data/COMINT & SIGINT that showed the criminal activity that was supported by the ODM party.
Now the tables have turned and these criminals are in government. Isn’t it crazy that there are no background checks when most of the intelligence services in Kenya are aware that these people orchestrated and provided material support to damage Kenyan Government Infrastructure eight to eleven years ago?
A lot of readers who have gone through these three books—especially after the @africahackon254 masterclasses—have mixed feelings about the twists. The espionage tactics deployed against Kenyan Military Intelligence felt real. Real-real, like for real.
So, let’s debunk the common ones, since most of them will make it to the TV show:
a) The ladies at the airport who wiped Brigadier Thuo’s HDD? Not Russian SVR. That was Mossad, masquerading as Russians to blind Kenyan leadership. The goal? Destroy that hard drive before Kenya could uncover what the Israelis were doing in East Africa—specifically their R&D operations in Addis Ababa. It was critical that this intel never reached Kenyan soil or triggered an investigation that might involve UKUSA, FVEY, or even NATO.
b) Taslim’s death? Not Mossad. She was actually their asset—working as a call girl. Priscilla recommended her, and Mossad recruited her in Ethiopia to spy on high-level politicians and targets. The ones who took her out? Yes, the IRGC. They needed to sabotage the Israelis and send Kenya on a wild goose chase, covering up their true objectives in the Horn of Africa.
c) Gebre was recruited by Brigadier Thuo and LT Nyalita after getting caught smuggling contraband at the Kenya-Ethiopia border—twice. In the show, it’ll look like LT Nyalita is recruiting him, but he’s backed by members of his group and the NIS. LT Nyalita personally trains him in weapons and streetcraft, but Gebre thinks he’s working for Ugandan External Intelligence (ESO). This misdirection is classic—hiding behind multiple walls to prevent leaks, especially now in the Information Era, where exposure can go south anytime.
d) The airport shootout? Not some rogue event. That was IRGC cutouts—former Ethiopian NISS officers working as mercenaries. They were deliberately sabotaging both the Israelis and Kenyans. Why? IRGC was after something bigger—and had to protect their deep-cover asset inside the Kenyan Embassy in Addis Ababa and their ongoing covert op.
e) Yes—Ambassador Priscilla is a double agent. She still works with Kenyan NIS but spies for Mossad, using a cipher system for online dead drops. In Operation Frozen Trees, we see how Mossad first recruited her when she was Chief of South African Operations—and why she turned, despite her uncle being a powerful man at the time.
f) The Israelis had to cover their tracks. To protect Priscilla, they deployed a destructive implant inside the Kenyan Embassy, making sure any video footage of Bole Airport never leaked. Why? Because both NIS and Mossad were at Bole during the chaos—shadowing Gebre and hunting the HDD.
The twist? NIS didn’t know Mossad was there. But Mossad knew because they had an asset inside the Kenyan Embassy. And IRGC? They had penetrated deep enough to know both agencies were in play. When Mossad realized they were up against a bigger adversary, they launched a quick CNA (Cyber Network Attack) at the airport—wiping CCTV footage clean.
But they forgot to hit DR. The backup footage was still coming through.
IRGC capitalized on the chaos, pulling a classic Mis-Direction 101—sending both Israelis and Kenyans chasing their tails all over Addis.
g) The Islamist who stole the cargo at Bole’s secure Israeli armory depot? Not Al-Qaeda. He was IRGC. They knew exactly what Mossad was building and testing in Ethiopia. And in Operation Frozen Trees, you’ll finally learn what that was. And yeah—it was bad-bad. (Yes, the book is still on Kindle. Paperbacks dropping soon.)
h) The gunfight at the safehouse in Addis Ababa—where we meet Eunice Langat? Not the Israelis. That was IRGC.
In the real world, the Mossad-IRGC conflict in the Middle East and Horn of Africa is absolute chaos. If you’ve ever worked in intelligence, you’d know—Iranian MILINT is no joke. They’re bad-shit killers.
i)
I am from the green part of the continent and I am the first author in the whole wide world to write authentic cyber ops novels that showcase SIGINT collection, cyber attacks, CNO Planning and others, plus how that interacts/blends with special warfare units to reach a commander’s objective in Peacetime and in Wartime.
There are people who have come up with other products too, e.g. Mpesa.
Don’t be a racist!
If you loved Part one and The OJT, part two is gonna be crazy with gunfights inside Tigray. Experience how cyber and other techs are used during Special warfare.
Part Two #OperationFrozenTrees is still going through rounds of Developmental editing. Coming soon:
This totally reminds me of a Colonel who schemed from software budgets, especially the ones required for OCO.
I have brought up a scene about him in my latest book #C0nn3ctB4ck: The OJT
In all seriousness guys, it happens more than you think, especially in most of the developing nations where the Presidency or a General doesn’t understand cyber and they are easily duped in those mahogany budgets.
Many people have long believed that Africa doesn't have serial rapists or killers. However, these predators do exist. This reality was underscored by a case earlier this year when a well-connected girl was brutally murdered. Most of these assaults are planned, with victims targeted first via the internet before the crimes transition to the meatspace/physical realm. Many of these assaults go unreported, especially when the target is a low-profile victim (LPV).
The short story, which has evolved into a novelette, is inspired by these incidents, with the hope that it will impart lessons to young women about the importance of both cyber and physical security.
Don’t You Run — Christmas Cyber Miracle, a short story: Paige was a heartbreaker at JKUAT. A year ago, she was raped by several boys from college, including Gideon, her boyfriend at the time. The traumatic experience led to a pregnancy and, ultimately, a miscarriage. Despite the ordeal, she returned to school, but her father transferred her to a new university, USIU-Africa. Her sudden departure left her friends curious, but she tried to distance herself from them because they had turned their backs on her, especially after the assault. However, her past came back to haunt her when she started receiving frightening messages from a creeper, likely someone from her time at JKUAT. She had avoided everyone from her past life, including her old circles, as if it were a former existence. Then, everything changed on that Saturday night when she attended the end-of-year party.
From studying iSOON, one thing I always knew is that Chinese cyber operations contractors share CONOPs, capabilities, and TTPs. Apart from ChengDu 404's fights with iSOON, these groups shared a lot more than what we see from other APTs around the world.
Yes, the US does stockpile and share capabilities through clearance to different units. Maybe that’s where they learnt that from.
When I saw Blackwood & PlugX being used by different groups with just minor changes, and then the use of BPFDoor emerging from different Chinese APTs in China against African Telkoms, I knew things were not the same. Anyway, the iSOON leak clears up most of these questions for me, and I hope someone drops some intel from Chengdu404 soon.
In certain instances, highly capable nations conduct Foreign Internal Defense Training (FIDT) for both Meatspace and Cyberspace. However, these training sessions are typically shrouded in secrecy due to concerns about the potential leakage of Tactics, Techniques, and Procedures (TTPs). Trainers are often instructed to limit the dissemination of knowledge that could significantly advance the capabilities of the host country. Specifically in Information Operations, cyber ops, and cybersecurity, the offensive tactics commonly taught involve tools such as Kali, Metasploit, nmap, etc., placing an upcoming operator on the level of a beginner or Pentester. As a commander or team leader, what strategic advice would you propose to upper leadership to ensure the success of these training programs? Do you believe that real-world training, particularly for CNO Operators, plays a crucial role in advancing the capabilities of your team?
Defray777, also known as RansomExx2 and formerly known as RansomExx, compromised Kenya Airways a while ago. Since KQ didn't pay, the group leaked close to 3GB of their data online. Some of the leaked data was sensitive, particularly containing damaging information on several incidents/investigations involving KQ flights, airports, and shipping.
RansomExx is part of the FIN Groups that transitioned their main payload from C/C++ to Rust for deploying Ransomware. The change from RansomExx to RansomExx2 is a counterintelligence maneuver used by Russian FIN groups to evade tracking by CTI and counter-cyber organizations.
The group utilizes IcedID ISOs for Initial Access Operations (IAO) and Cobalt Strike for lateral operations and data collection. #KQHack #cyberattacks