Kuwait’s government has successfully restored its systems after being targeted by a cyber attack on the Mount Program, which specifically affected the Ministry of Finance. The attack began on September 18, and immediate measures were taken by officials to isolate and shut down the affected systems. To alleviate concerns, the authorities assured the public that salary payments are processed on a separate network.
The Kuwait Ministry of Finance has reported that the National Cyber Center is working tirelessly to resolve the issue. They have also sought the assistance of cybersecurity specialists, including experts from other governments, although their identities have not been disclosed. The Ministry confirmed that all data related to civil servants’ salaries are stored within the department’s systems, and financial transactions are still being recorded. All other government departments remain operational as usual.
On September 25, the hacker group known as Rhysida added the Kuwait Ministry of Finance to its list of victims. The group demanded a ransom from the government, although the specific amount was not disclosed. They set a deadline of 7 days for the payment to be made.
The news of the Ministry of Finance hacking was announced on the Rhysida website.
It is worth recalling that Rhysida gained notoriety in the United States following a large-scale attack on Prospect Medical Holdings, a company that manages 16 hospitals across multiple states. This attack resulted in the disruption of emergency medical services.
In addition, researchers from Check Point Research have identified tactical similarities between Rhysida and the Vice Society extortion groups, particularly in their targeting of the education and health sectors. They have noted that the Vice Society operators are currently utilizing the Rhysida Mrown Program in their campaigns with some degree of certainty.
Earlier this year, the Palo Alto Networks Unit 42 report revealed that the Vice Society group had targeted 33 educational institutions in 2022, making them the most active extortion group in this sector. Palo Alto Networks recognized Vice Society as one of the most influential extortion groups of 2022. Overall, the group has targeted companies across various sectors including healthcare, government, manufacturing, retail, and legal services.