Cybercriminals are increasingly targeting South African municipalities, exposing serious weaknesses in local government cybersecurity systems. Experts warn that outdated technology, limited digital skills, and poor infrastructure are leaving sensitive public information vulnerable to ransomware and phishing attacks.
This comes amid reports linked to the OP South Africa campaign, which has allegedly compromised several government and state-owned entities. Jan Vermeulen from My Broadband addressed the issue, noting that while claims regarding recent high-profile breaches involving entities like SASA and Sansa are still being verified, OP South Africa and associated groups such as Anonymous Nigeria have compromised local government agencies and small businesses. They have also claimed an attack on correctional services.
Vermeulen explained that South African government agencies have historically faced lower interest from attackers due to the relatively high cost of breaching them. However, the advent of artificial intelligence combined with clear financial motives has changed the landscape. “This infrastructure has always been vulnerable. It’s only the difference now is that it’s being attacked,” he said.
He highlighted two distinct types of attacks. Ransomware operations are financially driven, where attackers steal or encrypt data and demand payment for decryption keys or to prevent leaks. In contrast, the OP South Africa campaign from Anonymous Nigeria and allies appears aimed at highlighting xenophobic attacks and xenophobia in South Africa. These activist groups have evolved from website defacements to gaining deeper access and exfiltrating data.
Vermeulen cited the example of the ransomware group Black X, which claimed to have attacked the ANC’s website, exfiltrated personal data of 2 million members, and is now selling the data rather than ransoming it directly to the organization. Negotiated fees grant buyers access to the compromised information.
Regarding the broader narrative on xenophobia amplified on social media by such campaigns, Vermeulen noted that the impact on Brand South Africa remains limited. “Twitter is not the outside world. Very little of what is discussed on Twitter actually breaks into the real world,” he said. However, the real harm lies in the compromised personal data of citizens and residents being placed on the dark web, where it can be weaponized.
South Africa ranks as the second most breached country in Africa since 2004, according to some research. Vermeulen attributed the majority of these incidents to outdated legacy systems that have not been properly updated or maintained. While zero-day vulnerabilities do occur, such as last year’s major Microsoft SharePoint breach, most successful attacks stem from a lack of continuous investment in security and skills.
“When these systems were built, it was probably fine. But as time marches on, if you don’t keep these systems updated, new vulnerabilities and weaknesses are discovered every day,” Vermeulen stated. He emphasized that government entities must prioritize investment in technology upgrades and cybersecurity expertise to protect public data.