A repository for tracking events related to the cybersecurity incidents in Nigeria, as reported publicly, documented by affected organizations or shared internally within the community. See problems we are solving with this.
| Publish Date | Type | Description | Source |
|---|---|---|---|
| November 2014 | Defacement | The website of the Federal University of Technology, Minna (FUTMINNA) in Nigeria was defaced. | Nairaland |
| January 2015 | Defacement | In January 2015, a group of hackers called Lizard Squad defaced the official website of the Nigerian Defence Headquarters, displaying a message that read: “Hacked by Lizard Squad. Official Cyber Caliphate”. The group claimed to be affiliated with the Islamic State militant group and Boko Haram, and threatened to release sensitive information from the website | Wikipeadia |
| July 2015 | Defacement | In July 2015, a group of hackers called the Nigerian Cyber Army defaced the official website of the Independent National Electoral Commission (INEC), displaying a message that read: “Sorry xD Your Site has been STAMPED by TeaM Nigerian Cyber Army. FEEL SOME SHAME ADMIN!! Security is just an illusion”. The group claimed to be protesting against the alleged rigging of the 2015 general elections. | Premium Times |
| September 2016 | Defacement | The website of the University of Ilorin (Unilorin) was defaced | Nairaland |
| June 2017 | Defacement | In June 2017, a group of hackers called Team System DZ defaced several Nigerian government websites, including those of the National Health Insurance Scheme, the Nigerian Ports Authority, and the Nigerian Investment Promotion Commission. The hackers posted messages that read: “Hacked by Team System DZ. I Love Islamic State”. The group also claimed to be affiliated with the Islamic State militant group | Premium Times |
| October 2017 | Defacement | In October 2017, a group of hackers called AnonPlus defaced the official website of the Nigerian Police Force (NPF), displaying a message that read: “Hacked by AnonPlus. This account has been hacked by AnonPlus. We are not criminal, we are not terrorist. We are people who fight for freedom and justice”. The group claimed to be affiliated with the Anonymous movement and demanded the release of Nnamdi Kanu, the leader of the Indigenous People of Biafra (IPOB) separatist group | Pulse |
| 2018 | Defacement | In 2018, the official website of the National Assembly was hacked and defaced by a group called Eagle Eye, which posted a message accusing the lawmakers of corruption and demanding accountability. | Pulse |
| September 2018 | Data Leakage | The author discovered an open Amazon S3 bucket containing sensitive data of Arik Air customers, such as names, emails, credit card details, travel itineraries and 2FA codes. The author tried to notify Arik Air via various channels but received no reply for a long time. It took about one month for Arik Air to secure the bucket after the initial notification. Analysis of the data revealed some interesting patterns, such as the most common email providers, currencies, card types, business names, countries and payment types of the customers. And also showed how the data could be used to track a customer’s travel history and identity. | Rainbowtabl |
| August 2019 | Insecure Misconfiguration & Data Exposure | The website yellowcardnigeria.com, a service for the Federal Ministry of Health to validate yellow cards, has been compromised and exposes users’ private information. The website housed sensitive health information for Nigerian air travellers who have been vaccinated against yellow fever. | Business Day |
| November 2019 | Defacement | In November 2019, a group of hackers called Ghost Squad Hackers defaced several Nigerian government websites, including those of the Ministry of Justice, the Ministry of Defence, and the Ministry of Finance. The hackers posted messages that read: “Hacked by Ghost Squad Hackers. We are here to expose your corrupt government. You can’t silence us”. The group claimed to be exposing corruption and human rights violations in Nigeria. | The Cable |
| 2019 | Ransomware | In 2019, the University of Ibadan was hit by a ransomware attack that encrypted its academic records and financial data. The attackers demanded $1,200 in Bitcoin for the decryption key. | Premium Times |
| December 2019 | Data Breach | Surebet is a Nigerian online sports betting operator that suffered a data breach in December 2019. The breach exposed the personal and financial information of over 32,000 customers, including names, addresses, phone numbers, email addresses, bank account numbers, and betting histories | Business Day |
| December 2019 | Data Breach | The LIRS data breach was a cyberattack on the Lagos State Internal Revenue Service (LIRS), a Nigerian tax agency, in December 2019. The attack exposed the personal information of taxpayers of Lagos State such as names, addresses, phone numbers, email addresses, and tax identification numbers | Business Day |
| March 2020 | Resource Hijacking / Crypto Miners Infection | The experience of a cybersecurity team that encountered crypto-mining malware in organizations. The team found out that the malware used Powershell to disrupt legitimate processes and infect critical servers in an energy distribution company and ISPs in Nigeria thereby disrupting core business. | CyberDome |
| July 2020 | Source Code Leakage | A recent source code leak affected dozens of companies, including TeamApt, a Nigerian payment company. The leak was caused by a vulnerability in a tool that scans for bugs and vulnerabilities in the source code.TeamApt’s CEO said that only snapshots of codes were exposed and no data or configuration was leaked. He also said that the hackers have deleted the source codes and the vulnerability has been patched | Business Day |
| October 2020 | Defacement | In October 2020, a group of hackers called Anonymous defaced several Nigerian government websites, including those of the Central Bank of Nigeria, the Economic and Financial Crimes Commission, and the Independent National Electoral Commission. The hackers posted messages that read: “We are Anonymous. We are legion. We do not forgive. We do not forget. Expect us”. The group claimed to be supporting the #EndSARS protests against police brutality in Nigeria | Guardian |
| April 2022 | Data Breach | A data breach affecting the Nigerian organization PLASCHEMA (Plateau State Contributory Health Care Management Agency) exposed the personal data of thousands of citizens | Website Planet |
| April 2022 | Ransomware | Bet9ja is a Nigerian online sports betting operator hacked in April 2022 by a group of hackers known as the Russian Blackcat (ALPHV) group. The hackers launched a cyberattack on the Bet9ja website and disrupted its services for several hours | Nairametric |
| April 2022 | Breach | CyberPlural MSSP believe there was an ongoing campaign targeting organizations' networks in Nigeria. From what was observed during this period, TA(s) :💥initial access leverage vulnerable servers and apps, 💥exploitation toolkits like Cobalt Strike are in use, 💥possibly a larger goal of #ransomware deployment | CyberPlural |
| May 2022 | Ransomware | An individual report from a University lecturer of a ransomware incident involving IFLA Ransomware, all important school work and files were encrypted in the process. A ransom note pointing to a $450 payment in Bitcoin was found. Investigation revealed info stealer (RedLine) was executed on the affected laptop carting away credentials before the ransomware execution, also reporting MSSP found the user to be a fan of Torrent and Crack Software. | CyberPlural-MSSP |
| May 2022 | Data Breach & Stolen Fund | MoMo PSB suffered a breach in May 2022, just days after its launch, that resulted in the loss of 22 billion Naira ($53 million). The breach involved 700,000 unauthorized transfers to about 8,000 accounts in 18 Nigerian commercial banks. MoMo PSB claims that the transfers were done in error and that no customer funds or data were affected | qz.com |
| June 2022 | Security Misconfiguration & Stolen Funds | Hackers withdrew ₦1.755 billion from Globus Bank customers’ accounts after a system glitch in its USSD channel. Globus Bank recovered ₦817,998,969.85 from the fraudsters’ accounts but could not retrieve ₦962,019,843.35 from eight other banks. Globus Bank filed a suit at a high court in Lagos to recover the outstanding funds and obtain account information of the beneficiaries. | Business Post |
| July 2022 | Compromise OWA Web Service | Several .gov.ng including some other private organization OWA web services/servers were compromised in the H1 (First Half) of 2022 including that of Lagos State government. Community reveals that some hackers have compromised and sold valid email accounts from this operations | Community |
| September 2022 | Phishing / Credential Theft | Threat actor (TA) used InterPlanetary File System (IPFS) to host a phishing script that targeted businesses/organizations in Nigeria. Shows how the TA delivered an email with a hyperlink that points to an IPFS address. When the user supplies any email address with the domain at the back of the hash (#) sign, the phishing script loads the organization’s website in the background and automatically fits in the logo to make it more believable to unsuspecting users at the sign-in box. | CyberPlural |
| October 2022 | Defacement | The Abia State Government website was defaced with a message demanding 0.248BTC as ransom | Nairaland |
| November 2022 | Ransomware | An individual report of a ransomware incident where files were encrypted and all changed to the .FATP extension (a variant of DJVU ransomware) and the ransom note was requesting $950 in bitcoin from the user, further investigation reveal user's credential has been stolen and the victim's refusal to pay led to damages to cloud resources whose credential have been stolen. Lack of 2FA on cloud accounts leads to those damages. | CyberPlural-MSSP |
| November 2022 | Defacement | The admission portal of the University of Ibadan, (UI) was defaced. | Federal Character |
| December 2022 | Defacement | In December, a group of hackers called z7F HaCkEr defaced NITDA main website | Community |
| January 2023 | Phishing / Data Collection | A malicious actor created a fake portal for the 2023 General Election in Nigeria, using a domain with a spelling error (Recriutment) and phishing for users’ personal information. The same domain has been hosting similar fake platforms since 2022, targeting users in Nigeria, Ghana and Kenya with fake youth empowerment, jobs, visa sponsorship and grants from presidential aspirants. The malicious actor uses a URL shortener (Lyupz) to hide the main domain and distributes the links through WhatsApp Groups, relying on unsuspecting users to share them with others | CyberPlural MSSP |
| January 2023 | Ransomware | A Federal agency experienced a ransomware incident on one of its internet-facing servers where all files in the shared folder got encrypted. The ransom note read the files have been encrypted by 0XXX Virus and victims can buy decryption for $ 300 USD in bitcoin by sending the unique ID to sergev_petrov1983@mail.ru | Whitehat.NG |
| March 2023 | Breach and Stolen Funds | Hackers transferred over ₦2.9 billion from Flutterwave accounts in early February 2023. Flutterwave reported the case to the police and filed a suit to freeze accounts in 27 financial institutions in Nigeria where some of the money was moved. Flutterwave denied the hack and claimed that no user lost any funds. It also said it invests heavily in security measures such as audits, certifications, and licenses. Some Twitter users confirmed that their accounts were frozen or locked as a result of the hack. Some also questioned Flutterwave’s security and transparency | Tech Cabal |
| March 2023 | Defacement | Babcock University's Information Management System (UIMS) Account was hacked and the website was defaced with pornographic content | Premium Times |
| April 2023 | Ransomware | The Leadway Assurance hack was an attempted cyberattack on the Leadway Assurance Company Ltd., a leading Nigerian insurance company, in April 2023. The attack was allegedly carried out by the ALPHV ransomware group, a cybercriminal gang that encrypts and steals data from its victim. Sample data released to the dark web | FalconFeedsio |
| May 2023 | Insider Threat & Stolen Funds | The hackers of Afriq Arbitrage System (AAS), a global crypto space, were led by one of its staffers, Abayomi Segun Oluwasesan, who betrayed his boss, Jesam Micheal, while he was undergoing a liver transplant. Abayomi and his cohorts hacked the platform and withdrew several millions of dollars from over 100,000 investors from over 75 countries. They spent the money on exotic cars, properties, citizenships, and travel. The hacking incident crashed the platform and left many investors in suicidal, traumatic, and helpless situations. Some of them lost their retirement savings, family members, and lifelines. They demand justice for Abayomi’s crimes. | Independent |
| May 2023 | Controversial Disclosure | A controversial LinkedIn post by David Sennaike about Nigeria's Financial Institutions and the plethora of vulnerabilities on which they operate generated a lot of comments and received mixed reactions from Cybersecurity leadership across the Financial Space | Community |
| May 2023 | Breach & Stolen Funds | Patricia’s recent announcement of a breach on its retail trading app, which froze withdrawals for users. It reveals that the breach happened in January 2022 and cost the company $2 million. | Tech Cabal |
| July 2023 | Defacement | The Ogun State Government website was defaced with a message hinting the technical team to update their security. | Punch |
| July 2023 | Ransomware | Globacom Nigeria's recent ransomware attack was a cyberattack on Globacom Nigeria Ltd., a leading Nigerian telecommunications company, in July 2023. The attack was allegedly carried out by a known ransomware group (ALPHV), a cybercriminal gang that encrypts and steals data from its victims. The hacker, who is demanding $2.5m, claims to have been in control of the network for 12 days undetected | Community |
| August 2023 | DDoS | On August 1, 2023, Anonymous Sudan declared on their Telegram channel that it would launch cyberattacks on Nigeria’s vital information systems. This was in response to Nigeria’s participation in ECOWAS’s recent instructions to the Nigerien military to hand over power to the democratically elected government of the Niger Republic. This planned attack began on the 2nd of August, with MTN Nigeria leading the victim list and a partial service outage was observed by customers and users of various services | Community, ngCERT, Whitehat.NG |
| August 2023 | Info & Credential Stealer Malware Campaign | Several MSSPs and private SOCs were reporting several cases of information and credential stealer malware in their various constituent. One reported some markets and forums on the dark web have started listing credentials stolen from different Nigerian platforms for sale for as low as $10 per credential.RedLine, Racoon, Lumba and other sample have been reported so far | Whitehat.NG Telegram, CyberPlural |
The main issues affecting reporting cyber incidents in Nigeria are:
- Trust and Cultural Problems: Nigerian organisations have trust issues with security researchers who find vulnerabilities or get access to company data. Some organisations may intimidate or sue the researchers instead of fixing the issues. Some organisations may also fear losing their reputation, investment or customers if they disclose cyberattacks.
- Lack of Enforcement: The Cybercrime Act mandates individuals and organisations to report cyberattacks to the National CERT, but there is no serious enforcement of this law. People do not feel the need to report these incidents and there is no database of known breaches or how they happened
- Low Prioritization of Security: Many organisations treat security as an afterthought and do not have a dedicated or full-time cybersecurity role. They adopt basic security practices but rarely have a team handling this critical part of their systems1. This makes them more vulnerable to cyberattacks and less prepared to respond to them.
- Limited Reporting Channels: There are limited reporting channels for cyber incidents in Nigeria, which may make it difficult for individuals and organizations to report incidents.
- Lack of Trust in Authorities: There is a general lack of trust in Nigerian authorities, which may discourage individuals and organizations from reporting cyber incidents.
- Fear of Legal Repercussions: Some individuals and organizations may be hesitant to report cyber incidents due to fear of legal repercussions or negative publicity.
- Lack of Awareness: Many individuals and organizations in Nigeria are not aware of the importance of reporting cyber incidents. They may not know what constitutes a cyber incident or who to report it to.