Russian information security firm Kaspersky warns that the alleged compromise of President Cyril Ramaphosa’s email account is a significant threat to South Africa.
“The impact of such a leak is extraordinary depending on the nature of communication within,” said Kaspersky senior security researcher Maher Yamout.
He highlighted that South Africa is going through turbulent times politically and economically.
“The threat actor could literally destabilize the country if equipped with the right emails,” Yamout warned.
Kaspersky’s comments follow a Sunday Times report about a group calling itself SpiderLog$.
According to the report, the group provided screenshots proving they could access sensitive military and intelligence data.
In one of the screenshots, SpiderLog$ showed it could get into the defense and state security departments’ webmail interface.
SpiderLog$ also reportedly obtained details of a loan President Cyril Ramaphosa took out from one of South Africa’s top four banks in the 2000s.
It said it used data leaked by another group called N4ugtysecTU after it breached credit bureau TransUnion earlier this year.
The leaked data included people’s home addresses, ID numbers, and cellphone numbers — including those of prominent figures such as Ramaphosa and EFF leader Julius Malema.
TransUnion disputed that leaked Home Affairs data came from its servers, saying that the attackers had obtained it from an earlier breach.
“South Africa is a playground for hackers because anyone is able to map your country’s digital infrastructure,” SpiderLog$ warned.
Maher Yamout, Kaspersky senior security researcher, Global Research & Analysis Team
Kaspersky’s Yamout said SpiderLog$ is probably associated with N4ugtysecTU
“There’s no ‘SpiderLog$’ before this incident, so [they are] likely a newly fabricated actor,” stated Yamout.
“With the leaked content composed of phone numbers, addresses, personally identifiable information (PII)… this could be used to impersonate anyone in the leak and steal victims’ digital accounts.”
Yamout said if someone has your PII, they can call your bank and try to convince the operator they are you to gain access to your account.
“Apparently, this is what happened with the president’s email account,” Yamout said.
To protect against this kind of attack, Yamout said two-factor authentication is crucial for any digital account, in addition to strong, frequently-changed passwords.
“Also, do not underestimate patching,” he said.