The Kraken ransomware group, also identified as HelloKitty, has allegedly targeted Mada Communications, a leading telecommunications service provider in Kuwait. The threat actor has listed the company on its dark web leak blog, claiming responsibility for a cyberattack. Mada Communications, formerly ARAB TELECOMMUNICATIONS (ArabTel), is a critical infrastructure provider in the country, offering wireless broadband, internet, and intranet services to a significant client base that includes government organizations, oil companies, and financial services firms.
As evidence of the breach, the ransomware group published a screenshot allegedly showing an index of exfiltrated directories from Mada’s internal network, dated July 24, 2025. This suggests that the attackers have not only encrypted the company’s systems but have also stolen sensitive information. The successful compromise of a major telecommunications provider raises serious concerns due to the sensitive nature of its clients and the data it handles.
The directory listing posted by the threat actors allegedly reveals the types of data that may have been compromised. The folder titles include:
- Departments
- ExchangeOAB
- IT-Billing
- IT-Support-Team
- Jiju_Abbas_Akhilesh
- Users
- madait
