Egyptian Tax Authority: Money Message Ransomware Attack In November 2024, the Money Message ransomware group claimed a successful attack against the Egyptian Tax Authority (ETA), one of the most sensitive financial data custodians in the Egyptian government. Money Message operates as a double-extortion ransomware group.
Executive Summary
KEY FACTS
- WhatMoney Message ransomware attacked the Egyptian Tax Authority.
- WhoIndividual and corporate taxpayers across Egypt's tax system.
- Data ExposedTaxpayer financial records, corporate filings, and bank account details.
- OutcomeDouble-extortion threat; no public statement or penalty disclosed.
Impact Assessment
WHAT WAS EXPOSED
- Individual taxpayer records including income declarations, tax identification numbers, national IDs, salary breakdowns
- Corporate tax filings containing financial statements, revenue figures, profit declarations
- Bank account numbers linked to tax refund payments and direct debit arrangements
- Business ownership structures including shareholder information and beneficial ownership details
- Internal ETA administrative documents including audit selection algorithms and enforcement priority matrices
- Employee records for ETA staff including security clearance levels
Tax data represents the most comprehensive financial profile available on any individual or corporation. Unlike financial institution data (limited to accounts held at a specific bank), tax records provide a panoramic view of total income, all assets, all deductions, and complete financial activity across every institution.
References
SOURCES
Dark web monitoring, Security Affairs, Egyptian Tax Authority, Egyptian Cybercrime Law No. 175/2018