Malware Discovered at SA Treasury as Global Cyber Breach Spreads

In a world where cybercrime is evolving faster than most governments can keep up with, South Africa has once again found itself in the crosshairs. This time it is the National Treasury that has been hit, confirming malware was discovered on one of its key infrastructure reporting systems.
The cause? A flaw in Microsoft’s SharePoint server software. This is the same vulnerability that has already compromised hundreds of organisations worldwide.
What Happened?
The breach came to light after Treasury confirmed malware had been detected on its Infrastructure Reporting Model website, a tool used for tracking and managing national infrastructure projects. It appears to be part of a wider wave of global cyberattacks exploiting a specific weakness in Microsoft SharePoint.
While Microsoft has released patches for two SharePoint versions, it admitted SharePoint 2016 remains vulnerable. This leaves many institutions exposed, including those that might have assumed they were safe.
South Africa currently ranks 27th globally among the most breached countries. This recent incident further underscores the nation’s growing cyber vulnerability.
How Big Is This?
The scale is significant. The same attack reportedly hit hundreds of government agencies and companies worldwide, including sensitive institutions such as the US National Nuclear Security Administration, the body responsible for America’s nuclear arsenal.
Most victims have been reported in the United States, with additional targets in Mauritius, Jordan, the Netherlands, and, of course, South Africa.
Inside Treasury’s Digital Defences
Despite the scare, the National Treasury states its systems remain operational with no reported disruptions to services.
According to a public statement, the department processes over 200,000 emails per day and supports more than 400,000 user connections through its various online platforms. Its ICT team blocks an average of 5,800 daily threats, including phishing attempts, malware, and spam attacks.
In response to the latest reports, Treasury has enlisted Microsoft’s assistance to investigate and resolve any security vulnerabilities within its internal systems.
Who’s Behind the Hack?
Microsoft has attributed the attack to Chinese state-sponsored hacking groups known by codenames such as Linen Typhoon, Violet Typhoon, and Storm-2603. These groups reportedly used the SharePoint flaw to infiltrate networks, steal credentials, and gain access to highly confidential data.
This broader campaign has intensified long-standing tensions between Washington and Beijing, with the US accusing China of running cyber-espionage operations that have stolen secrets from governments and corporations worldwide for decades.
South Africa’s Digital Wake-Up Call
Although the breach at the Treasury may not have caused immediate damage, it serves as a serious warning.
Government IT infrastructure often suffers from underfunding and outdated systems, making it an easy target in a digital age where cybercriminals move quickly and quietly. If a flaw in widely used software like SharePoint can lead to such a wide-reaching breach, South African agencies must invest more seriously in cybersecurity.
Source: The Citizen
Featured Image: MyBroadband