National treasury said it found malware in its IT environment this week that might be linked to the recent attack on Microsoft infrastructure using a vulnerability in the software giant’s SharePoint software.

According to a statement on Wednesday, treasury’s systems are up and running, suggesting the attack was not successful.

“On Tuesday afternoon, national treasury identified malware on its Infrastructure Reporting Model (IRM) website, the online infrastructure reporting and monitoring system,” treasury said in a statement.

“Considering recent media reports since Sunday regarding security incidents affecting Microsoft platforms in the US, treasury has requested Microsoft’s assistance in identifying and addressing any potential vulnerabilities within its information and communication technology environment.”

At the weekend, Microsoft issued an emergency alert regarding “active attacks” on server software used by government agencies and businesses to share documents within organisations. Microsoft recommended security updates its customers should apply immediately to counter the issue.

By Tuesday, 100 servers representing 60 victims were confirmed to have been compromised by the attack; including organisations on the energy sector, consulting firms and universities. According to a Bloomberg report on Wednesday, Eye Security, one of the firms that identified the exploit, said organisations targeted in the hack include government agencies and private companies – including “bigger multinationals” – in North and South America, the European Union, Australia, and South Africa.

Other entities targeted

Treasury said it responded to the detection of the malware by isolating its IRM servers from the rest of its IT environment so it could assess the magnitude of the infiltration and any damage caused. Details of how far along this process is were not given in the statement and so the link between the malware and the SharePoint exploit is not yet official.

National treasury processes over 200 000 e-mails each day and facilitates more than 400 000 user connections through its websites daily. On average, national treasury’s IT team successfully detects and blocks about 5 800 security threats directed at national treasury systems every day on average, it said.

Read: SharePoint zero-day attackers now using ransomware

“Despite these events, national treasury’s systems and websites continue to operate normally without any disruption.”

Meanwhile, Bloomberg News, citing Eye Security, reported on Thursday that hackers have breached about 400 government agencies, corporations and other groups around the world, although the number could be a lot higher.

“We never name individual victims, but can share that in South Africa we’ve seen an organisation in the car manufacturing industry, a university, several local government entities and a federal government entity,” Eye Security co-owner Vaisha Bernard told Bloomberg. — © 2025 NewsCentral Media