The cyberattack against SSS aimed to disrupt service availability through a high-volume DDoS and to exfiltrate sensitive information. The SSS Cybercrime unit, prepared for such threats, immediately activated its incident response protocols. While the DDoS temporarily impacted the availability of the SSS Project system, the data breach attempt was identified and blocked within minutes, preventing any data loss or breach. SSS claims to have recovered all critical online infrastructure within a remarkable 13 minutes of detection, restoring continuity.
South Africa Grapples with Widespread Cyber Extortion Campaign
For several weeks, South Africa has been the target of extensive cyber extortion, with DDoS attacks crippling numerous internet infrastructure providers. Affected entities include undersea cable operator Seacom, web hosts such as Host Africa, Domains.co.za, Xneelo, 1-Grid, Liquid Intelligent Technologies, and Network Platforms. News publications and government services have also experienced intermittent outages. A group calling itself “Black Matter” has claimed responsibility for similar attacks on other South African companies. However, SSS suspects this group is a copycat, either leveraging an infamous name or employing a false flag to conceal its true identity, as the original Black Matter group has been inactive for years.
Unusually Low Ransom Demands Raise Concerns
The SSS Cyber unit has noted that some ransom demands in this campaign were as low as R16,000 in cryptocurrency. This amount is unusually low given the immense scale of the attacks, with peaks exceeding 1 Tbps in some cases. This disparity has led to concerns that the campaign might extend beyond mere financial gain, potentially serving to test South Africa’s internet and security infrastructure or to probe for data theft vulnerabilities. Understanding the shadow economy of ransomware is crucial in this context.
Preparation, Not Panic: SSS Cybercrime Unit’s Stance
In a statement, the SSS Cybercrime unit emphasized the importance of preparedness. “In successfully blocking this data breach and recovering our critical infrastructure within 13 minutes, the SSS Cybercrime unit has demonstrated that preparation, not panic, is the strongest defence against modern cyber threats,” the unit stated. SSS aims to share its methodology, assist law enforcement, and help other South African organizations avoid becoming victims of this ongoing campaign. This disclosure serves as a warning and an encouragement for cooperation with authorities to end the wave of cyber extortion.
Public Warning Issued as Investigation Continues
SSS has issued a public warning to all South African organizations, especially web hosts, telecom providers, financial institutions, and government entities. They caution that the current DDoS attacks may be diversions for simultaneous data breach attempts. Organizations should not assume DDoS incidents are purely denial-of-service and must immediately initiate breach detection protocols if they experience unexplained network degradation, unusual outbound traffic, or DDoS activity. SSS also urges the public and private sectors not to pay ransoms to the “Black Matter” copycat group without forensic validation, as this could fund further attacks. The investigation into this matter is ongoing.
Follow Hashlytics on Bluesky, LinkedIn , Telegram and X to Get Instant Updates
