[imagesource:pixahive]

In case you missed the news, South Africa’s Department of Defence (DOD) was breached by a hacker group a while ago, and the group was able to extract about 200TB worth of sensitive information, including Cyril Ramaphosa’s cell number. The story is now once again attracting attention after they announced the attack last week.

The ransomware gang calling itself ‘Snatch’, after the Guy Ritchie movie, posted the contact information of several senior government officials online, and despite the seriousness of the security lapse, the group has claimed that nobody has really done anything about it.

To make matters even more bizarre, the group was contacted via Whatsapp by the tech site Mybroadband for an interview, and they even gave a statement.

Snatch said the breach had been ongoing for a year and that they had exfiltrated 200TB of data. They also confirmed that “the attack on South Africa has lasted for about half a year, starting as early as the end of 2022.”

“Ministry of Defense officials were categorically unwilling to accept information about penetration into the secure government network.”

According to Snatch, they contacted the same individuals whose contact details were posted about the possible security leak in November 2022, warning them that the network was vulnerable. Despite this, they were “simply ignored.”

After their warnings were laughed at, Snatch said they hacked ten to twelve internal servers and downloaded 1.6TB of data, including “military contracts, personal data of employees, and other information related to the security of the country.”

Representatives of the DOD were then invited to a ‘chatroom’ to discuss details of the breach. The group claims that they insisted on only a discussion, and not a ‘buy-out’. “The calls ranged from the president of the country to the cabinet and generals from the Ministry of Defense,” they said.

“It was pointless. People are so far away from cyber security that many of them did not even believe that there was any secret information on their servers.”

The group said many of the individuals responsible for our country’s safety didn’t even understand how servers worked and were simply concerned with whether ‘their laptops had been hacked’.

“Oh, my laptop is safe? Ok, that’s fine, bye.”

Snatch says the DOD behaved the same as their US and UK counterparts – “Disbelief and laughter, trying to avoid publicity, and attempting to attack the resource where the information is posted, and then announcing to the media that the attack is fake.”

At the time of the interview, security on the DOD network had remained unchanged.

“We are making up our minds whether to continue attacking or [make it public and] giving everyone who has the skill and desire to attack the opportunity to do it.”

Snatch reiterated at the end of their statement that they have nothing to do with the Snatch ransomware gang.

“We are the Security Notification Attachment,” they said.

Security researchers who spoke to MyBroadband say the “proof of breach” appears legitimate, but when contacted for comment, SANDF spokesperson Brigadier General Andries Mokoena Mahapa reportedly told News24 the attack was “fake news”.

When asked asked whether there had been a breach, DOD Head of Communication Siphiwe Dlamini, is quoted as saying: “Nope, none.”

Since then, the DOD has not said a word about the entire spectacle.

Now, I am no scientist or security expert, but it is mind-boggling that a hacker team can infiltrate our most secure networks, show proof of the breach by posting sensitive info, and then the government just says, “Nope, fake news.”

Are officials lying, or just idiots who don’t know that their pants are around their ankles?

What a world we live in when hackers are more communicative with the media than our public representatives. As always, all we can do is ask “WTF is going on?”

[source:mybroadband]