A 1.6TB file containing personnel details of the South African Department of Defence has been discovered on a leak site. The “Snatch” group has taken responsibility for the data leak, claiming that the massive file contains “exclusive information with billion dollar contracts, generals’ call signs and personal information.” The leaked documents reveal lists of names, landline and cellphone numbers, email addresses, birthdates, and job titles. All of the phone numbers are from the Pretoria region, where the Department of Defence is located.
However, the Department of Defence spokesperson, Siphiwe Dlamini, denies any leak and dismisses the claims made by the Snatch group as “fake news”. Similarly, SANDF spokesperson Brigadier General Andries Mahapa also refutes the existence of any leaked or stolen data. In response, the Snatch group states that it had attempted to inform the country’s leadership about the situation but was ignored.
Attempts to seek clarification from the South African Department of Defence regarding the incident and the legitimacy of the data have gone unanswered.
Charl van der Walt, the head of security research at Orange Cyberdefense, explains that the leaked data was discovered through automated processes that the security services provider runs for research and customer assistance purposes. According to Carl Morris, a senior lead research manager at Orange Cyberdefense, the leak posting had received 16,922 views, and the 1.6TB file had been downloaded 782 times, at the time of reporting. Although these numbers may seem relatively low, Morris notes that they are comparable to those for the group’s previous leaks.
Snatch has been active since 2019, operating independently without any apparent affiliations or partnerships. Van der Walt describes the group as a “low-burn, consistent kind of gang”, noting that approximately 10% of their attacks involve data extortion.
If a breach has indeed occurred, the South African information regulator must be informed. The regulator is aware of media reports regarding the alleged security compromise at the Department of Defence. It is worth noting that this incident follows a ransomware attack on the South African Department of Justice and Constitutional Development earlier in 2021, which affected all of the department’s electronic systems. Additionally, the South African National Space Agency fell victim to an attack in the same year, resulting in the theft of over 14GB of information by a group called CoomingProject.
The South African government now faces the task of investigating the alleged data leak at the Department of Defence and ensuring that appropriate measures are taken to prevent future breaches.

