Government organizations in South Africa are the primary targets for cyber threat actors, according to the latest data from cybersecurity company Trellix. In the second quarter of 2023, 26% of all detected threat activity was directed towards government systems.
- Business service providers and wholesalers’ networks followed closely as targets, with 16% and 14% of detected threat activity, respectively. Utilities’ systems accounted for 12% of the detected threat activity. Threat activity tended to peak on Mondays and Fridays.
- Trellix identified specialized, well-equipped, and highly skilled threat actors operating in South Africa. These threat actors demonstrate interconnections with extensive networks and potential state support, suggesting a coordinated and sophisticated approach to their malicious activities.
- The Lazarus Group and the Daggerfly advanced persistent threat (APT) group were highlighted as notable threat actors that have intensified their efforts to infiltrate critical South African systems. The Lazarus Group, associated with a North Korean state-sponsored APT syndicate, deploys a range of tools and capabilities in its operations, including DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware.
- The Daggerfly APT, suspected to have affiliations with China, has exhibited increased activity in Africa, with a focus on targeting telecommunications organizations. This threat actor is primarily focused on information gathering and uses methods such as PlugX loaders and living-off-the-land tooling to conduct long-term campaigns. Both threat actors employ trail-obfuscation techniques, making it challenging for investigating teams to analyze their malicious artifacts and detect their presence effectively.