Unprecedented cyber attacks target South African government entities
5 September 2023
The incidence of spyware attacks has shown a significant surge of over 20% within South Africa with regard to 2023. The majority of these reported attacks have been concentrated on governmental websites and systems, thereby potentially engendering substantial instability to the national security framework of South Africa.
The foundational principle of national security mandates that a nation has the capacity to safeguard the well-being of its citizens. In the event that governmental systems are infiltrated by malicious actors, including hackers, malware or cyber assailants, the underpinning tenets of national security would be severely compromised.
Initial consequences include the potential for extensive misappropriation of sensitive content across governmental digital platforms housing classified information and citizens’ personal data. These exploited data caches could serve as a tool for hackers to either expose sensitive material or, in a more serious scenario, collude with state agents to suppress evidence or manipulate official documents, thereby rendering them inconspicuous.
Given South Africa’s troubled economic landscape, the ramifications of a significant cyber attack could potentially exceed the country’s financial resilience. Consequently, these attacks underscore the pressing obligation of the government to promptly address the escalating apprehensions concerning cyber attacks.
The disruption of critical services further exacerbates the scope of potential harm, encompassing data breaches, service interruptions and, conceivably, loss of life within pivotal sectors. The safeguarding of cyber security for foundational infrastructure becomes an imperative to prevent cyber attacks from causing considerable damage to the nation’s economic stability, national security and essential services.
Instances of inaction or inadequate responses to cyber attacks corrode public faith in the government’s efficiency, consequently fostering apprehension and doubt among citizens. To illustrate this concern, consider the case of the South African National Prosecuting Authority, which required 13 years to successfully prosecute cyber hacker Bruce Owen.
Owen had illegally obtained R600 000 from the Education Department in 2010, a situation that came to light when the department detected 14 distinct transactions routed to an unfamiliar destination. Ultimately, on 24 August 2023, Owen received a three-year prison sentence for theft.
The protracted duration of the legal process raises questions regarding potential impediments in effectively tracing the perpetrator, as well as whether the judicial system comprehends the intricate nature of modern cyber security investigations. The intricacies of these investigations necessitate a substantial allocation of resources, which may have been lacking in this case, potentially contributing to the extended timeline of the legal proceedings.
Cyber attackers have increasingly resorted to ransomware as a prominent mode of attack. Familiarly known as a form of malware, ransomware effectively encrypts governmental files, rendering them inaccessible unless a stipulated ransom is remitted to the malevolent entities in exchange for decryption.
According to the report titled “The State of Ransomware in South Africa 2023” by Sophos, a massive 78% of South African organisations experienced ransomware attacks in the preceding year. A significant ransomware incident involving the South African Department of Defence appears to have occurred on 21 August 2023.
The group claiming responsibility identify themselves as SNATCH. This group employs a multifaceted approach combining ransomware and data exfiltration elements. Subsequently, the malware launches brute force attacks against vulnerable applications within the target organisation. Apart from these actions, the SNATCH group also claimed on a Telegram group that South Africa’s President Cyril Ramaphosa is “the primary arms profiteer of the African continent.”
Furthermore, the group levied serious allegations regarding the South African government’s involvement in illicit arms trading, citing substantial financial flows toward major corporations engaged in the arms trade as evidence of money laundering activities. Notably, the group’s actions seem to have resulted in the unauthorised disclosure of highly sensitive information, encompassing private contacts of President Ramaphosa, military officials and senior government ministers. This breach apparently also involved the disclosure of approximately 1,6 terabytes of classified data.
Consequently, it remains a mandate for the government to do everything in its power to safeguard its constituents against potential threats. The onus lies upon the government to restore and fortify trust through transparency, effective communication and proactive measures geared toward enhancing cyber security provisions. Given the gravity of these threats, a three-pronged response strategy becomes essential for effective counteraction by the government.
Skilled information technology professionals must collaborate with government entities to impart knowledge to staff members, enforce continual training regimens and software updates to pre-empt threats across systems, and administer specialised training within government structures to increase awareness.
While this approach may not eradicate cyber attacks, it undeniably will reinforce governmental systems against such threats and bolster the vigilance of staff members and the public alike. Through such comprehensive measures, the preservation of invaluable data will be upheld, thereby ensuring the comprehensive safeguarding of sensitive or fragile systems.
Charné Mostert is a Campaign Officer at AfriForum. Charné has an honours degree (cum laude) in International Politics and is currently working on her master’s degree in Security Studies at the University of Pretoria. Charné usually publishes contributions on X (formerly Twitter), LinkedIn and TikTok.
