Recently appointed Minister of Public Works and Infrastructure, Dean MacPherson, revealed on 10 July that the department had been the target of at least R300 million in cyber theft over the past 10 years.
This revelation came after a recent incident in May 2024, which resulted in the theft of R24 million from the department. The Minister noted that this led to a full joint investigation by the Hawks, South African Police Service, the State Security Agency, and experts from the cyber security industry.
Promising to tackle the cyber threat to the department, the minister stated it had become evident “that the department has been a soft target and playground for cyber criminals for over a 10 year period and this should have been picked up a lot earlier.”
The Minister emphasized the importance of alerting the public, adding “I felt it important to let South Africa know what has happened and what we are doing about it. I cannot discount the possibility of collusion between officials and criminals in this prolonged period of theft. It is clear that we need better financial controls which I have said to the department are a matter of urgency.”
The attack further resulted in the department having to shut off its payment system, causing significant delays in payments. The minister is quoted as saying, “We want to put a stop to this immediately because we cannot allow our department to be subjected to unchecked looting. This is money that could have been spent on our infrastructure drive to improve the lives of South Africans.”
The investigation has thus far resulted in the suspension of four department officials, and the seizure of 30 laptops. Three of the suspended officials were revealed to be from the department’s senior management. Determined to root out corruption in the department, the Minister welcomed the precautionary suspension of the four officials. He added, “There is simply no place for corruption in this department.” The department has further committed to strengthening its cyber security defenses to prevent further incidents.
Cyber attacks of government systems is not a new phenomenon. In July 2021 Transnet was forced to shut down and declared force majeure amid a cyber-attack. The incident was described as “an act of cyberattack, security intrusion and sabotage”, which crippled the ports of Durban, Ngqura, Gqeberha, and Cape Town. Ultimately revealed to be a ransomware attack, Transnet was able to restore order and resume operations after six days, on 28 July 2021.
In the aftermath of the hack, Transnet remained tight lipped around the details of the incident, citing national security concerns. Bloomberg later attributed the hack to a known ransomware strain of “Death Kitty”, believed to have originated from Eastern Europe. The timing of the attack in relation to the July 2021 riots left many questioning if the events were related.
A few months later, on 6 September 2021, another series of cyber attacks targeted the Department of Justice and the South African Space Agency, which left the systems encrypted and inaccessible. No demands were received by either department.
More recently, in August 2023, the Department of Defence found itself the target of a cyberattack, which resulted in the theft of 1.6TB of South African National Defence Force (SANDF) data. The DoD and SANDF initially denied there had been an attack, with the SANDF spokesperson dismissing the incident as “fake news”.
Responsibility for the attack was claimed by the Snatch group, who stated that they sought to “[expose] the current government as totally corrupted, involved in international illegal arms trade. It reveals illegal traffic on the African continent and all interested parties from other countries, mainly from the United States.” The SANDF hack laid bare the extent to which South Africa was vulnerable to cyber-attacks.
With South Africa increasingly becoming a playground for hacker groups, and this recent revelation from the DPWI, many are asking if the new administration and its departments are equipped and prepared to prevent and mitigate these risks.
