Ransomware victim disclosure
← All victimsIntegrated Financial Management Information System (IFMIS) - Kenya
listed as ifmis.go.ke · Claimed by Apt73 · listed 3 months ago
Status timeline
- ListedApr 27, 2026
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- Kenya
- Sector
- Public Sector
- Listed on leak site
- Apr 27, 2026
About the victim
AI dossier — public-source company profileIFMIS (Integrated Financial Management Information System) is a Kenyan government platform operated under the National Treasury and Planning, used to manage and automate public financial management processes including budgeting, procurement, and expenditure across government ministries and agencies. It is a critical infrastructure system underpinning Kenya's public sector financial operations.
- Industry
- Government Financial Management Systems
- Address
- Nairobi, Kenya
Attack summary
Severity: critical — IFMIS is a critical Kenyan government financial infrastructure system handling national budget, procurement, and expenditure data across all ministries; confirmed data publication of a government financial management system constitutes a critical breach of sensitive public-sector and potentially regulated financial data at national scale.APT73 claims to have compromised the IFMIS government system in Kenya, with the disclosure status indicating data has been published; the group did not state a ransom demand.
Data the group says was taken
AI dossier — extracted from the leak post- Government financial records
- Budget and expenditure data
- Procurement records
- Government ministry data
- Potentially sensitive public financial management information
What the group claims
Integrated Financial Management Information System (IFMIS) is a government system in Kenya that i...
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

