Telecom Namibia, the telecommunications provider for the African nation of Namibia, fell victim to a significant ransomware attack late last year. This incident highlighted the convergence of two concerning trends in the region: the escalating attacks on critical infrastructure and the increasingly prevalent threat of ransomware.
In December, Telecom Namibia disclosed to its customers that it had been targeted by a ransomware-as-a-service (RaaS) group called Hunters International, resulting in the exposure of user information online. The company is collaborating with law enforcement agencies and external incident response teams to investigate the breach further, as stated by CEO Stanley Shanapinda in a press release on Dec. 16.
Initially, it was believed that no sensitive data had been compromised. However, subsequent assessments revealed that certain customer information had indeed been exposed. Shanapinda stated, “The threat was contained approximately three weeks ago, preventing further attacks on our systems and third parties. Unfortunately, the leaked information made its way onto the dark web after we refused to engage in any ransom negotiations.”
The ransomware attack on Telecom Namibia is not an isolated incident in the region. Other critical infrastructure entities in Africa have also fallen victim to cyberattacks aimed at extracting financial gains or causing disruption. For instance, the National Health Laboratory Service in South Africa experienced a ransomware attack that disrupted operations and led to data loss. Similarly, Hunters International targeted the Kenyan Urban Roads Authority, exfiltrating a significant amount of data.
According to cybersecurity firm Positive Technologies, ransomware incidents accounted for a third of successful cyberattacks in the region. Energy entities like Eneo in Cameroon, as well as industrial organizations in Egypt and South Africa, were among the targets. The telecommunications and manufacturing sectors were also heavily impacted, with each accounting for 10% of the successful attacks.
Alexey Lukatsky, a cybersecurity expert at Positive Technologies, emphasized that these cyberattacks were fueled by factors such as rapid digital transformation, geopolitical tensions, and inadequate security measures safeguarding critical infrastructure. As digital networks expand and collect vast amounts of user data, sectors like telecommunications become attractive targets for cybercriminals seeking financial rewards or engaging in espionage activities.
Looking ahead to 2025, Lukatsky predicted a continued rise in cyber threats, especially in sectors such as energy, telecommunications, and manufacturing. These industries remain prime targets for cybercriminals and advanced persistent threat (APT) groups with various motives, including financial incentives, data theft, and geopolitical agendas.
The emergence of ransomware-as-a-service offerings has further amplified the risks faced by critical infrastructure entities. Avinash Singh, a cybersecurity expert at the University of Pretoria in South Africa, highlighted the growing popularity of RaaS in Africa, where some cybercriminal groups view the region as a testing ground for their latest attacks. RaaS enables attackers to focus on high-value targets that promise substantial ransom payouts, such as large corporations and essential service providers.
Singh also underscored the threat posed by third-party suppliers and supply chain attacks, which have become prevalent in Africa. Cybercriminals are distributing malicious software through popular platforms, infecting personal and business devices in the process. To mitigate these risks, African organizations must enhance cyber awareness among their employees and customers while implementing secure practices during digital transformation efforts.
As geopolitical tensions escalate globally, the cyber threat landscape in Africa is expected to evolve. State-sponsored actors and other threat actors may exploit these tensions to launch cyberattacks with far-reaching consequences. Despite Africa not being a primary target compared to other continents, the region remains vulnerable to cyber threats, emphasizing the urgency for proactive cybersecurity measures and vigilance among organizations and individuals.