The attack by the AFT was a collaborative effort that involved another group that we tracked named Grapzone. By then Grapzone was headed by a hacker from Kasarani who was connected to the former cartel leadership from 2013 to 2017.
OnNet operators were requested by the GoK bank, to pursue the adversaries and, run collection of intelligence and observe operations as the Group conducted attacks from Kasarani. This operation was codenamed Operation BoraNotes, from the backdoor named OneNote.exe that was coded and implemented by Grapzone group.
Eventually, the intelligence collected showcased the extended damages and attacks the groups were running and the support from other AFT groups during operations against Saccos, Car industries, Supermarkets and Banks. With the team leader of their Group by name Rueben Kirongothi who was also arrested in Rwanda, OnNet and allied companies were able to help assist their apprehension and suppression from Further attacks. This eventually stopped Forkbombo group from further expansion, back to a Cartel.
OnNet Group continues to track other AFTs and Adversaries. For more details, check our Former OnNet Africa Blog