BGFIBank was the victim of a major cyberattack by the Bianlian cybercriminal group on June 21, 2023. The attack allowed the theft of 256 GB of highly sensitive data, thus exposing the confidential information of customers and members of the board of directors. With a countdown running, a ransom in the hundreds of millions of CFA francs was demanded.
Bianlian’s cybercriminals are demanding a ransom of 55 bitcoins (about 1.5M euros or 998M FCFA). © GabonReview (Editing)
The main banking group in Central Africa, BGFIBank was the victim of a major cyberattack on Wednesday, June 21. Responsibility for the attack was claimed by a cybercriminal group known as Bianlian. The technological hostage-taking endangered the security of the bank’s sensitive data and exposed the confidential information of its customers and members of the board of directors.
Confirmation from Clément Domingo SaxX, the Bianlian group and the ransom
An “ethical hacker”, as he was presented last June by the pan-African outlet Jeune Afrique and, in March 2022, by the French daily Ouest-France, the Senegalese Clément Domingo, alias SaxX, who wants to put himself at the service of African states and whose seriousness can no longer be doubted, confirmed the cyberattack. He is not a member of the Bianlian cybercriminal group, but he has the expertise, being himself a former hacker from the “good side of the force”.
“In the total absence of information and radio silence on the side of the bank, my various tools and access to certain parts of the dark web and specific channels, allowed me to learn more:
– a ransom of 55 bitcoin to date has been demanded from the group. This is the equivalent of around 1.5M euros or 998M FCFA.
– a list of files held by the group of ransomers is shared on some specific channels, a guarantee of their success regarding the hacking of the BGFI Bank”, Clément Domingo SaxX, a connoisseur of the depths of the dark web and of the vulnerabilities of computer systems, posted on his Twitter account on June 26, 2023. The cybercriminals have therefore started a countdown and are demanding a ransom of 55 BTC (about $1,671,835 or 998,000,000 FCFA) to delete the data. BGFIBank was given an ultimatum of 8 days. We do not know what follow-up was given to this blackmail.
The Bianlian group’s hackers are hardly unknown. According to the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC), the Bianlian group has been “targeting organizations in multiple critical infrastructure sectors in the US since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development”.
BGFIBank in the DRC
BGFIBank, which operates in ten African countries, represents an attractive target for cybercriminals due to its leading position in the region. The attackers claim to have managed to recover 256 GB of highly sensitive data, including financial documents, customer information, personal files, credit reports and administrative records.
Although the head office of the banking group is in Gabon, Clément Domingo SaxX, the cybersecurity specialist who cut his teeth in France, nonetheless specifies that the systems of the Democratic Republic of Congo (DRC) appear to be the most affected by this cyberattack. An investigation is underway to confirm or deny this claim and determine the full scale of the attack.
This new cyberattack against BGFIBank would add to a series of recent incidents targeting African financial institutions. Just a few weeks ago, the Bank of Africa was also the victim of a cyberattack, highlighting the growing vulnerability of the financial sector in Africa.
In the Gabonese banking group’s 2022 annual report, Henri-Claude Oyima, chairman of the board of directors, already acknowledged that, that year, “the question of the security of information systems has been paramount, threats and attempts at cyberattacks have multiplied”. The bank nonetheless claimed, in the same report, “769 hours of training” for its Senegal branch alone. Training aimed at “better responding to customer expectations”, covering among other things “cyber security and security management”. A Potemkin cybersecurity?