Cyber Threat Actor: Wazawaka
| Actor Type | Location | Known Incidents |
Criminal
|
Switzerland
|
2 incidents |
|---|
Profile
Wazawaka is the aliasused to refer to a threat actor whose known location is Switzerland. The actor has been publicly associated with a data breach that occurred on January 1 2024 involving an external provider for the energy services of the municipality of Yverdon‑les‑Bains. According to the official announcement from the city, the breach exposed contact and billing information of roughly twelve thousand three hundred individuals and organizations. The compromised data includes personal details that could be leveraged for phishing attempts via telephone or SMS, fraudulent attempts to access online accounts by exploiting security questions, and potential identity theft when combined with other publicly available information. Affected parties are being notified of the incident through postal mail, as stated in the same municipal notice. The breach highlights risks of unauthorized financial transactions, credential theft through deceptive links or calls, and the misuse of personal data to impersonate victims for malicious activities such as opening fraudulent accounts.
The incident specifically concerned a third‑party service provider that supports the municipal energy utility, indicating that the actor’s observed activity intersected with the utility sector in this case. The geographic focus of the reported operation is confined to the Yverdon‑les‑Bains area in Switzerland, reflecting the locality of the affected provider and the municipality’s notification efforts. No additional sectors, regions, or patterns of targeting have been documented in publicly available sources linked to this alias.
No specific malware families, initial access vectors, or tooling styles have been referenced in the available reporting concerning Wazawaka, and therefore no technical tactics can be detailed from the current information. Likewise, no public attributions to state sponsors, criminal consortia, or other affiliations have been made beyond the alias and its Swiss location.
The Yverdon‑les‑Bains data breach represents the sole publicly reported operation associated with the Wazawaka identifier, and no further campaigns or activities have been disclosed in open sources. Consequently, the profile is limited to the confirmed facts of the alias, its Swiss location, and the specifics of this single incident, with all other aspects remaining undocumented in the referenced material.
