Microsoft SharePoint Vulnerability Hits South Africa’s National Treasury and Mauritius Organizations
A vulnerability in Microsoft SharePoint has compromised over 400 organizations, including South Africa’s National Treasury and several entities in Mauritius.
Hello and warm greetings.
In this edition, we spotlight a widespread Microsoft SharePoint vulnerability that has compromised over 400 organizations, including South Africa’s National Treasury and several entities in Mauritius.
We also explore new telecom cybersecurity insights from South Africa, where SIM swap fraud now drives 60% of mobile banking attacks, costing the sector R5.3 billion annually.
Across the continent, we report on Kenya’s new 24-hour cyberattack disclosure rule for insurers, a ransomware attack on a Namibian municipality, and Meta’s launch of AMBER Alert Ghana in partnership with local police.
On the global front, we track the international takedown of the BlackSuit ransomware group, the UK’s proposed ban on ransom payments for public services, and a 27% rise in high-risk email threats worldwide.
Let’s dive in!
African Stories
Microsoft SharePoint Flaw Hits Organizations in South Africa and Mauritius: An already patched vulnerability in Microsoft’s SharePoint system is said to have compromised over 400 organizations, including several in South Africa and Mauritius. A notable target is South Africa’s National Treasury, which confirmed malware on its systems even though no disruptions were caused.
Telecom Fraud Costs South Africa R5.3 Billion Annually: COMRiC’s first Telecommunications Sector Report reveals deep cybersecurity threats in South Africa. Cybercrime costs the sector R5.3 billion a year and SIM swap fraud is linked to 60% of mobile banking fraud, while other attack vectors, such as phishing and ransomware, show no signs of slowing down.
CyberKnight Partners with Nozomi Networks to Expand OT and IoT Security Across Africa: CyberKnight has announced a strategic partnership with Nozomi Networks to distribute its OT, IoT, and CPS security solutions across Africa (excluding South Africa). The collaboration focuses on empowering large enterprises and critical infrastructure sectors in Central, East, and West Africa. Nozomi Networks, recognized as a leader in Gartner’s CPS Protection Platforms, offers AI-driven threat detection, predictive analytics, and real-time monitoring for industrial and critical systems.
Kenya Orders Insurers to Report Cyber Attacks Within 24 Hours: Kenya’s Insurance Regulatory Authority now requires insurance companies to report cyberattacks within 24 hours under new regulations. Insurers must also adopt board-approved cybersecurity policies, submit quarterly incident reports, and appoint at least one cybersecurity-experienced board member. Mandatory training, phishing simulations, and better data backups are also encouraged.
Ransomware Attack Hits Otjiwarongo Municipality in Namibia: A confirmed cyberattack disrupted Otjiwarongo Municipality’s systems in Namibia, involving data theft and a ransom demand by “INC Ransom.” NAM-CSIRT detected the breach, notified the municipality, and initiated containment measures. An investigation is ongoing to determine the scope and secure infrastructure.
Meta Partners with Police to Launch AMBER Alert Ghana to Help Find Missing Children: Meta and the Ghana Police Service have introduced the AMBER Alert Programme in Ghana to help locate missing children. Alerts will appear on Facebook, Instagram, and Messenger, showing the child’s photo, description, and suspected abduction location.
Industry News
BlackSuit Ransomware Site Seized in Global Operation Checkmate: On July 24, BlackSuit’s dark web data leak and negotiation sites were seized in a coordinated global law enforcement effort named Operation Checkmate. A seizure notice appeared on the group’s TOR-accessible site, attributed to the U.S. Department of Homeland Security Investigations, with support from 16 agencies across nine countries, including the UK, Ukraine, Latvia, and cybersecurity firm Bitdefender.
UK to Ban Ransom Payments for Public Sector and Critical Infrastructure: The UK government has announced plans to ban public sector and critical infrastructure organizations—including the NHS, schools, and local councils—from paying ransoms following ransomware attacks. The move aims to dismantle the cybercriminal business model and protect vital public services. Entities outside the scope of the ban must report any intent to pay and seek legal guidance, especially regarding sanctioned threat groups.
APT41 Expands to Africa, Targets Government IT with SharePoint-based Attacks: Chinese-speaking threat group APT41 has launched advanced cyberespionage campaigns across Africa, breaching government IT systems with Windows-based lateral movement techniques. Analysts uncovered the group using Impacket modules like WmiExec and Atexec, as well as hardcoded infrastructure to hijack internal SharePoint servers for command-and-control (C2).
FBI Warns of Youth-Led Cybercriminal Network ‘The Com’ Behind Global Attacks: The FBI has issued a warning about “The Com,” a vast cybercriminal network mainly composed of minors, launching attacks for money, revenge, and notoriety. The group engages in ransomware, SIM swapping, DDoS attacks, child exploitation, swatting, and violence. Members recruit youth from gaming platforms and target victims aged 11–25.
High-Risk Email Threats Rise 27% in 2024, Reaching 57 Million Attacks Globally: Trend Micro reported a 27% rise in high-risk email threats in 2024, reaching nearly 57 million incidents globally. Attackers increasingly used QR-code phishing, AI-driven BEC scams, and targeted ransomware campaigns. Known malware detections rose 47%, while phishing incidents climbed 31% and BEC attacks grew 13%, with wire fraud losses nearly doubling.