Cyber Incident Victim: Airtel Mobile Commerce Uganda Limited
Date: Oct 2022
Location: Uganda
Summary
Hackers exploited a gaming platform's website to infiltrate Airtel Mobile Commerce Uganda Limited's systems, executing a black box attack that manipulated transaction approvals to siphon nearly Shs8 billion. The breach impacted multiple banks and microfinance institutions, with 1,840 SIM cards prepared for fraudulent withdrawals; 1,800 transactions were completed before intervention. Criminal Investigations Directorate (CID) officials initiated an investigation, questioning the affected betting firm's personnel and AMCUL executives, while Airtel maintained that customer balances remained secure and its platform met global security standards. The incident highlighted escalating cyber threats in the region, following similar attacks on financial entities.
Description
On October 28, 2022, hackers executed a coordinated attack against Airtel Mobile Commerce Uganda Limited (AMCUL) by exploiting vulnerabilities in a licensed Ugandan betting platform’s website. The attackers used this gaming site—which advertised standard encryption protections—as an entry point to infiltrate AMCUL’s digital systems. Once inside, they manipulated AMCUL’s software to automatically approve all transaction requests, bypassing normal security validations. This "black box attack" enabled the unauthorized withdrawal of nearly Shs7.6 billion (approximately $2 million USD) from AMCUL’s central systems. The hackers prepared 1,840 registered and preregistered SIM cards to facilitate bulk transfers, successfully executing transactions through 1,800 SIM cards before the breach was detected and halted. Money mules acting on behalf of the attackers received the siphoned funds via mobile money transfers. Multiple banks and microfinance deposit-taking institutions (MDIs) in Uganda were impacted by the theft, though Airtel Uganda publicly asserted no customer balances or bank accounts were compromised.

The incident triggered immediate investigations by Uganda’s Criminal Investigations Directorate (CID), with one affected MDI filing a formal complaint at the Cyber and Counter Electronic Measure Desk in Kibuli. CID Director AIGP Tom Magambo confirmed the probe was prioritized, though he declined to specify suspects or confirm arrests despite internal CID sources indicating some detentions. AMCUL’s senior management was summoned to CID headquarters to provide official statements. The unnamed betting firm faced imminent scrutiny, with its executives scheduled for questioning the following Monday; attempts to contact its purported CEO revealed he had severed ties with the company weeks earlier, though his departure’s connection to the hack remained unclear. The attack exacerbated concerns over Uganda’s rising cybercrime rates, following UGAFODE Microfinance Limited’s loss of Shs400 million to hackers earlier in 2022. Police data cited 10,057 economic crimes in 2020 alone, predominantly fraud and cyber-related offenses. Airtel maintained its platform’s security met “world-class specifications” despite the breach.
