AidInfoSec Report an attack

Attack Database /

Attack detail

Attack Date Location
Unknown Unknown
Target organisation Attack category
Catholic Relief Services / Red Rose Active attack
Surface Type
cloud-based server "Red Rose" Unknown

Additional notes on attack

"In response, RedRose denied that any systematic breach took place and said it was the victim of industrial espionage by its competitor. The organization said that their systems are secure." [..] "The report by Mautinao Technologies detailed the nature of the information accessed by their staff member that occurred while conducting “competitive research” on RedRose’s Android App ahead of applying for a tender by the Norwegian Refugee Council for the provision of payment solutions" (DEVEX)

Harm Notes
Reputational harm Future Harms: Operational, "Aid agencies have put some projects on hold while reviewing security" Reputation Harm: Failure published in NGO community media and online Kenya-based media. Knowledge of breach in communities who's data were put at risk (and therefore repetitional and psychological harm) unclear from reporting. Additional Repetitional harms to 'Red Rose' provider.
Future harms Resolution/Recovery
Other Unclear. Programs from multiple NGO's suspended while investigation took place.
Actor type
Unknown
Attacker agenda
Other: FinTech Provided linked to server and NGO's using it appears to have tested/located exploit vulnerability, but unclear if this has been explored by others "Mautinoa, a new provider of payment systems and technologies, was able to enter a cloud-based server of the NGO, Catholic Relief Services, and access names, photographs, family details, PIN numbers and map coordinates for more than 8,000 families receiving assistance from the NGO in West Africa."