Trellix Data Exposes State-Sponsored Cyber Attacks on South African Government


Trellix, a cybersecurity firm pioneering XDR, reveals Q2 2023 cyber threat insights in South Africa. The data underscores that government organizations remain the primary targets for threat actors seeking to breach South African IT systems.

In its recent threat report presented at the Trellix Cyberthreat Intelligence Briefing for South Africa, it was revealed that government systems faced 26% of all detected threat activity. Business service providers followed at 16%, with wholesalers’ networks at 14%, and utilities’ systems at 12%. Interestingly, the majority of threat activity surged on Mondays and Fridays.

Carlo Bolzonello, Trellix South Africa’s country lead, highlights, “Despite not experiencing a significant surge in detections since the first quarter, we have noticed a worrisome trend of specialized, well-equipped, and highly skilled threat actors. What’s even more alarming is their interconnection with extensive networks and potential state support, indicating a coordinated and sophisticated approach to their malicious activities.”

Trellix’s data further reveals that the Lazarus Group and Daggerfly Advanced Persistent Threats (APT) Group have intensified their targeted efforts to infiltrate critical South African systems.

The Lazarus Group, historically linked to a North Korean state-sponsored APT syndicate, initially operated as a criminal group. It has since been tied to the North Korean government by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Lazarus deploys diverse tools like DDoS botnets, keyloggers, RATs, and wiper malware within broader HIDDEN COBRA operations.

Lazarus spear-phishes for credentials, and financial data, and uses “living off the land” tactics with fileless malware and legitimate tools.

Conversely, Daggerfly APT, possibly linked to China, intensifies its focus on African telecoms, raising concern. This threat actor focuses on information gathering, using methods like PlugX loaders and living off-the-land tooling.

Bolzonello underscores the destructive capabilities of some threat actor tools, pointing to their trail obfuscation techniques. He notes that adversaries skillfully manipulate time stamps and hide backdoors, making analysis exceedingly challenging for investigative teams.

He adds, “What is even more concerning is that these adversaries are highly proficient in evasion tactics, leaving organizations believing they have eliminated the threats, when in reality, they may still lie concealed.”

Trellix XDR detects, and mitigates advanced attacks, integrating seamlessly with third-party data sources through its native open architecture.

The platform analyzes 650+ security tools, offering actionable insights via Trellix Advance Research Centre for responsive security.

Sign Up for Our Newsletters

Get notified of the best deals on our WordPress themes.

You May Also Like