How we tracked Forkbombo Group

Forkbombo Group, an offshoot of the Cartel that was stopped by the Multi-Agency taskforce at Kenya Revenue Authority, was tracked by OnNet from 2018, after they penetrated one of the GoK banks and stole several million that was meant for a local industry upcountry.

The attack by the AFT was a collaborative effort that involved another group we tracked, named Grapzone. By then, Grapzone was headed by a hacker from Kasarani who was connected to the former cartel leadership from 2013 to 2017.
OnNet operators were requested by the GoK bank to pursue the adversaries, collect intelligence and observe operations as the group conducted attacks from Kasarani. This operation was codenamed Operation BoraNotes, after the backdoor named OneNote.exe that was coded and implemented by the Grapzone group.
Eventually, the intelligence collected showed the extent of the damage and attacks the groups were running, and the support from other AFT groups during operations against Saccos, car industries, supermarkets and banks. With the team leader of their group, by name Rueben Kirongothi, also arrested in Rwanda, OnNet and allied companies were able to assist in their apprehension and in suppressing further attacks. This eventually stopped Forkbombo Group from expanding further, back into a Cartel.

OnNet Group continues to track other AFTs and adversaries. For more details, check our former OnNet Africa Blog.

Posted by Threat Intelligence Team at OnNet on 21st September 2021