The South African Department of Defence has retracted denials that its network was breached while it further investigates claims by cyber extortion gang Snatch.
Snatch, so named for the iconic Guy Ritchie movie and apparently a backronym for “Security Notification Attachment”, claimed responsibility for an attack on the South African Department of Defence last week.
Responding to commenters on its posts about the breach, the group said this project was a year old and that it had exfiltrated around 200 terabytes (TB) of data.
It posted a 499GB archive online as a “proof pack”, which it said extracts to 1.6TB.
Security researchers who downloaded a portion of the file, and who spoke to MyBroadband on condition of anonymity, said it appears legitimate.
They said the archive contains a mixture of personal and work files of Department of Defence and SANDF staff.
In addition to the archive, Snatch also posted the contact information of various government and military officials, including phone numbers and private email addresses supposedly belonging to President Cyril Ramaphosa.
Checking the list of eight cellphone numbers Snatch said are Ramaphosa’s against Truecaller’s database revealed that at least two of the numbers could belong to South Africa’s sitting president.
MyBroadband contacted the Department of Defence (DOD) for comment upon first learning of the breach last week and did not receive feedback.
However, DOD and SANDF spokespeople told News24 on Friday there was no breach.
DOD Head of Communication Siphiwe Dlamini reportedly said, “Nope, none,” when asked.
According to the report, SANDF spokesperson Brigadier General Andries Mokoena Mahapa went so far as to call it “fake news”.
When MyBroadband phoned Dlamini on Monday morning, he walked back their Friday statements.
“That was the information I had at that time,” he told MyBroadband.
“Our guys are going through that, and I’m going to get updated information about what actually transpired officially by the end of the day.”
By close of business on Monday, MyBroadband had not received word from Dlamini and tried to follow up with him.
When he didn’t answer his phone, we called Brigadier General Mahapa, who declined to comment and said Dlamini was best positioned to provide an authoritative update.
Dlamini later responded to our WhatsApp text message, saying he had not yet heard back from the team investigating Snatch’s claims and hoped to get a response today.
As of Monday night, the Department of Defence has not provided further feedback.
MyBroadband contacted Snatch for an interview, and the group’s spokesperson did not respond by publication.