The Ingonyama Trust, a statutory body established in 1994 to manage communal land in KwaZulu-Natal for the benefit of Zulu tribes and communities, has been the subject of an attempted ransomware attack, the effects of which are still under investigation.

A senior IT expert, who disclosed details of the incident to TechCentral, said NightSpire has posted information on the dark web claiming it gained access to the trust’s systems on 1 June and that 30GB of data had been exfiltrated.

Responding to a questions from TechCentral, the board of the Ingonyama Trust on Friday said it had become aware of a breach of its IT system on 2 June 2025 and had taken precautionary measures to limit the disruption.

It said that so far, it has not confirmed that any data has been leaked.

“As soon as we became aware of the incident, we took the affected systems offline to prevent further compromise and engaged an independent specialist cybersecurity company to investigate and strengthen our systems,” said Ingonyama Trust acting CEO Siyadumisa Vilakazi.

“Should any risks to personal or sensitive information be identified, [the board] commits to promptly and transparently notifying affected parties in line with legal and ethical obligations.”

According to the Ingonyama Trust website, the trust holds geographical and land-related data, including information on about 2.8 million hectares of land it owns in KwaZulu-Natal, along with data on the 250 traditional councils, 1 491 title deeds and the 5.2 million people living on that land. Any successful infiltration of its system potentially puts a significant amount of personal information at risk.

‘Stable’

The trust’s board said its core IT systems remain “stable” despite the attempted breach. Critical system functions were restored using backups and communications channels including phones and e-mail remained open throughout the incident. “Some internal systems remain on limited access as upgrades are being implemented,” said Vilakazi.

The trust’s preliminary findings indicate that the criminal group responsible for the attempted breach, which identified itself as NightSpire, aimed to infiltrate the trust’s systems, lock users and administrators out, and then demand a ransom.

Read: National treasury confirms malware hit

Despite the board’s assertion that no evidence of a data leak has been found, the board said it continues to work with IT security specialists to “validate the extent of the incident”.

According to the SOC Radar website, a cyberthreat intelligence specialist, NightSpire is motivated by financial gain and has targeted various types of organisations around the world including in the US, Taiwan, Egypt, Hong Kong and Turkey. NightSpire’s modus operandi include double extortion , data theft and ransomware.

“This incident highlights that cybercrime is a global challenge that spares no organisation, public or private. While no system can be completely immune, what matters is the speed, transparency and responsibility of the response,” said Vilakazi. – © 2025 NewsCentral Media