The South African government has become a major target for global threat actors, with less of their focus now on the private sector, according to findings in a new Trellix cyber threat intelligence briefing on South Africa.
Threat actors exploit covert infiltration, user-carried USB devices and vulnerabilities in intermediary financial systems to breach security. The data, measured and recorded by Trellix’s research team and cyber threat management engineers, showed that global threat actors are targeting South African government systems.
Government now attracts more than a third of all online attacks, with the education sector a distant second, followed by financial services, utilities, wholesale, media, consumer products and the general services sector.
“With the threat landscape constantly changing, and threat actors adapting their tactics daily, organisations large and small must also adapt their cybersecurity strategies to keep in step with the increasingly automated, smart tools deployed by threat actors from inside and outside the country,” said Carlo Bolzonello, country manager for Trellix South Africa.
“What we do know is that although it may be growing at a very slow pace, the South African economy is quickly adopting more advanced technology across commerce, service delivery and communication. This transition leaves gaps of exposure for various groups to test weakness left open, as old systems make way for more modern ones.”
The threat actors behind the top attacks launched during 2023 included Mustang Panda, APT40, Backdoor Diplomacy, APT10, Lazarus, Winnti Group, Naikon, Vice Society and FIN7.
Notable attacks observed were from:
- UNC4191, a cyber espionage operation in Southeast Asia, leveraging USB devices carried by users as the initial infection point.
- Advanced persistent threats – APT27, APT39, APT28, APT41 – which are typically nation-state-backed groups that gain unauthorised access to computer networks and remain undetected for long periods while the attackers mine highly sensitive information.
- Common Raven, which commonly targets the Swift payment infrastructure utilised by major financial institutions.

© 2023 NewsCentral Media