Egyptian Tax Authority: Money Message Ransomware Attack
In November 2024, the Money Message ransomware group claimed a successful attack against the Egyptian Tax Authority (ETA), one of the most sensitive financial data custodians in the Egyptian government. Money Message operates as a double-extortion ransomware group.
The group claimed to have exfiltrated taxpayer financial records, corporate tax filings, and internal administrative documents.
The ETA holds some of the most sensitive financial data in the country: individual and corporate tax returns containing detailed income information, asset declarations, bank account numbers, and business ownership structures.
KEY FACTS
- What: Money Message ransomware attacked the Egyptian Tax Authority.
- Who: Individual and corporate taxpayers across Egypt's tax system.
- Data Exposed: Taxpayer financial records, corporate filings, and bank account details.
- Outcome: Double-extortion threat; no public statement or penalty disclosed.
WHAT WAS EXPOSED
- Individual taxpayer records including income declarations, tax identification numbers, national IDs, salary breakdowns
- Corporate tax filings containing financial statements, revenue figures, profit declarations
- Bank account numbers linked to tax refund payments and direct debit arrangements
- Business ownership structures including shareholder information and beneficial ownership details
- Internal ETA administrative documents including audit selection algorithms and enforcement priority matrices
- Employee records for ETA staff including security clearance levels
Tax data represents the most comprehensive financial profile available on any individual or corporation.
Unlike financial institution data (limited to accounts held at a specific bank), tax records provide a panoramic view of total income, all assets, all deductions, and complete financial activity across every institution.
SOURCES
Dark web monitoring, Security Affairs, Egyptian Tax Authority, Egyptian Cybercrime Law No. 175/2018