A threat actor known as Ghudra, reportedly affiliated with the Russian-linked APT group Fancy Bear (APT28), has advertised the sale of data allegedly stolen from Rwanda’s Health Workforce Management System.
According to Ghudra, the listing includes:
- The full database
- A complete website dump
- Live shell access to the compromised server
Each item is priced at $2,000.
The actor claims the breach is being monetized after receiving no response from the Rwandan government regarding the incident.