The South African government is now a prime target for global threat actors, cyber security company Trellix has warned.

Trellix says after its recent research, the government emerged as attracting to threat actors, education came second, followed by financial services, utilities, wholesale, media, and consumer products.

The company presented its findings at the recent first quarter 2023 Trellix Cyber Threat Intelligence Briefing: Update for South Africa, March 2023.

The data, measured and recorded by Trellix’s Advanced Research Centre team and Cyber Threat Management engineers, showed that global threat actors have not relented on their assault on South Africa systems.

“With the rapidly advancing sophistication of threat actors and the ushering of near-unlimited resources from the highest levels of business and politics, South African private and public institutions will need to adopt an equally persistent attitude towards their online defences,” says Carlo Bolzonello, country manager Trellix South Africa.

He continued: “With the threat landscape constantly changing, and threat actors adapting their tactics daily, organisations both large and small must also adapt their cybersecurity strategies to keep in step with the increasingly automated, smart tools deployed by threat actors from inside and outside the country’s borders.

“The South African economy is quickly adopting more advanced technology across commerce, service delivery and communication. This transition might leave gaps of exposure for various groups to test weakness left open, as old systems make way for more modern ones.”

According to Trellix, top attacks launched by threat actors during first quarter 2023 included Mustang Panda, APT40, Backdoor Diplomacy, ATP10, Lazarus, Winnti Group, Naikon, Vice Society and FIN7.

Notable attacks observed were:

* UNC4191, a cyber espionage operation coming out of Southeast Asia, leveraging USB devices carried by users as the initial infection point;

* Advanced Persistent Threats (APT) – namely: APT27, APT39, APT28, APT41 – which are typically nation state-backed groups gaining unauthorised access to computer networks, remaining undetected for long periods while mining highly sensitive information; and

* Common Raven, which commonly targets the SWIFT payment infrastructure utilised by major financial institutions.