Malicious Hackers Turning Their Sights on South Africa’s Government

Cybersecurity

The South African government has become a major target for global threat actors, with less of their focus now on the private sector, according to findings in a new Trellix cyber threat intelligence briefing on South Africa.

Threat actors exploit covert infiltration, user-carried USB devices and vulnerabilities in intermediary financial systems to breach security. The data, measured and recorded by Trellix’s research team and cyber threat management engineers, showed that global threat actors are targeting South African government systems.

Cybersecurity

Government now attracts more than a third of all online attacks, with the education sector a distant second, followed by financial services, utilities, wholesale, media, consumer products and the general services sector. 

read also Nigeria’s Nomba Raises $30M to Expand Bespoke Payment Solutions for African Businesses

Government now attracts more than a third of all online attacks, with education a distant second

“With the threat landscape constantly changing, and threat actors adapting their tactics daily, organisations large and small must also adapt their cybersecurity strategies to keep in step with the increasingly automated, smart tools deployed by threat actors from inside and outside the country,” said Carlo Bolzonello, country manager for Trellix South Africa.

“What we do know is that although it may be growing at a very slow pace, the South African economy is quickly adopting more advanced technology across commerce, service delivery and communication. This transition leaves gaps of exposure for various groups to test weakness left open, as old systems make way for more modern ones.”

Top attacks launched by threat actors during 2023 included Mustang Panda, APT40, Backdoor Diplomacy, ATP10, Lazarus, Winnti Group, Naikon, Vice Society and FIN7.

read also Tanzanian Biotech Startup NovFeed Land $1M for Advancing Agritech in Africa

Notable attacks observed were from: UNC4191, a cyber espionage operation in Southeast Asia, leveraging USB devices carried by users as the initial infection point.

Advanced persistent threats – APT27, APT39, APT28, APT41 – which are typically nation state-backed groups gaining unauthorised access to computer networks, remain undetected for long periods while attackers mine highly sensitive information.

Common Raven, which commonly targets the Swift payment infrastructure utilised by major financial institutions. 

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry