Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      How the Post Office plans to rise from the dead - Fathima Gany

      How the Post Office plans to rise from the dead

      17 July 2026
      iOCO snaps up ERP firm as acquisition machine cranks up - Rhys Summerton

      iOCO snaps up ERP firm as acquisition machine cranks up

      17 July 2026
      Meta AI will now tell parents if their teen is in crisis

      Meta AI will now tell parents if their teen is in crisis

      17 July 2026
      Tap to pay is finally coming to the Post Office

      Tap to pay is finally coming to the Post Office

      17 July 2026
      Xi pitches China as the world's AI liberator - Chinese President Xi Jinping waves as he arrives at the opening ceremony of the World AI Conference in Shanghai. Ng Han Guan/Reuters

      Xi pitches China as the world’s AI liberator

      17 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      Selling vapour is corporate suicide in slow motion - Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Internet and connectivity » Troubling questions over South African internet infrastructure attacks

    Troubling questions over South African internet infrastructure attacks

    There are big concerns about the attacks that have been mounted against South African hosting companies in recent days.
    By Duncan McLeod and Nkosinathi Ndlovu19 May 2026
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Troubling questions over South African internet infrastructure attacks

    The sheer scale of the distributed denial-of-service (DDoS) attacks on South African internet infrastructure in recent days does not make sense considering the relatively small amounts the attackers are trying to extort.

    A senior South African network security specialist, who asked for anonymity given the nature of his work, told TechCentral on Tuesday that the ransom of two-and-a-half monero – equating to about R16 000 at the time of writing – pales in comparison to the cost it would have taken to mount the attacks.

    To sustain the attacks – which peaked at over 600Gbit/s in the case at least two hosting providers and which have run for hours at a time – is not a cheap exercise. Just one 300Gbit/s attack, according to the security specialist, would cost at least US$5 000 per target.

    If this had happened in the UK, the US or Australia, there would already be a government-level task team

    “A commodity criminal would chase the softest targets. Someone has picked the most consequential ones in this attack. The knock-on map through the ISP and reseller chains is exactly the dependency picture a hostile actor would want to validate,” said TechCentral’s source.

    “If this had happened in the UK, the US or Australia, there would already be a government-level task team … actively assisting the affected centres, exchanging indicators of compromise with foreign counterparts and issuing public technical advisories within 24 hours.”

    Mystery also surrounds the true identity of the perpetrators of the string of attacks, which began late last week and which have impacted 1-grid, Domains.co.za, Xneelo and Network Platforms, among others. The attackers identified themselves as BlackMatter in extortion e-mails to the affected companies, though it’s far from clear whether this is the group that’s really behind the attacks.

    BlackMatter?

    First coming into prominence in 2021, BlackMatter was a rebrand of DarkSide, a ransomware-as-a-service outfit that was active between 2020 and 2021.

    “BlackMatter operates outside of a typical corporate-style entity. This ransomware gang is constantly staging its ‘death’ and ‘rebirth’ to shake off law enforcement attempting to track them,” said Jayson O’Reilly, MD at Private Protocol, a cybersecurity specialist

    Read: DDoS extortionists ‘carpet bomb’ South African internet hosts

    There are other complicating factors that make BlackMatter difficult to pin down. According to O’Reilly, digital deception – the embedding of false flags to confuse forensic investigators – is part and parcel of BlackMatter code. He said the organisation is also thought to operate from “safe haven” jurisdictions, including Russia and the Commonwealth of Independent States, making physical contact nearly impossible.

    “They also do financial transactions through cryptocurrencies like monero and highly obfuscated crypto mixing services. So, in a nutshell, they are playing the cat and mouse game and winning against authorities. This is what makes them successful,” said O’Reilly.

    hacker

    According to the American Cyber Defence Agency, BlackMatter actors have attacked numerous US-based organisations and have demanded ransom payments ranging from $80 000 to $15-million in bitcoin and monero.

    The group attacking South African infrastructure companies in recent days demanded their extortion money be paid in monero – a nearly untraceable form of cryptocurrency. But the small amount of money being extorted from the South African companies remains the biggest puzzle, and does not fit with previous ransomware demands by BlackMatter.

    The carpet bombing attack on South African infrastructure has had a wide impact on South African websites. Xneelo confirmed to TechCentral that its infrastructure was indeed hit by a DDoS attack but that disruption from upstream service providers also had an impact on end-user connectivity. 1-grid, meanwhile, said the attack speed exceeded 100Gbit/s on its network and targeted IP addresses across its entire network range.

    Read: Extortion fears as DDoS attacks hit SA internet infrastructure

    System monitoring website Downdetector indicated reports of a disruption at subsea cable operator Seacom on Tuesday morning. Seacom confirmed that the disruption – which it described as temporary – was due to DDoS attacks on other service providers and not an attack on its own infrastructure, contradicting media reports elsewhere.  – © 2026 NewsCentral Media

    Get breaking news from TechCentral on WhatsApp. Sign up here.

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    BlackMatter CYBER1 Solutions DarkSide Grid1 Network Platforms Seacom Xneelo
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleEskom threatens to cut power to Joburg
    Next Article Network with industry leaders at Pan African DataCentres event

    Related Posts

    South Africa's fibre underdogs are beating the giants

    South Africa’s fibre underdogs are beating the giants

    30 June 2026
    The web belongs to the machines now 

    The web belongs to the machines now 

    17 June 2026
    DDoS attacks expose South Africa's cyber response gap

    DDoS attacks expose South Africa’s cyber response gap

    24 May 2026
    Company News
    Paratus again voted Namibia's most reliable internet provider

    Paratus again voted Namibia’s most reliable internet provider

    17 July 2026
    Core opens Microsoft Surface reseller programme to South African SMEs - John Press

    Core opens Microsoft Surface reseller programme to South African SMEs

    17 July 2026
    The economy the statistics miss is thriving on Spondo Street - Lesaka Technologies Lincoln Mali

    The economy the statistics miss is thriving on Spondo Street

    16 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    Selling vapour is corporate suicide in slow motion - Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    How the Post Office plans to rise from the dead - Fathima Gany

    How the Post Office plans to rise from the dead

    17 July 2026
    iOCO snaps up ERP firm as acquisition machine cranks up - Rhys Summerton

    iOCO snaps up ERP firm as acquisition machine cranks up

    17 July 2026
    Meta AI will now tell parents if their teen is in crisis

    Meta AI will now tell parents if their teen is in crisis

    17 July 2026
    Tap to pay is finally coming to the Post Office

    Tap to pay is finally coming to the Post Office

    17 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}