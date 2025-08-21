Netstar, the vehicle tracking company owned by JSE-listed Altron, has suffered a data breach and possibly a ransomware attack.

A group called INC Ransom claimed responsibility for the breach, stating on their dark web leak site that they exfiltrated 505GB of data.

Examining a sample of the files uploaded suggests that the attackers stole documents exposing the private data of some customers, as well as confidential data such as invoices and source code.

In its latest annual results, Altron reported that Netstar’s subscriber base increased 16% year-over-year to surpass two million users. It also reported EBITDA of R935 million.

Altron reported that Netstar processed over 226 billion data points between 1 March 2024 and 28 February 2025, and has scaled its fleet to over 33,000 assets globally.

According to cybersecurity firm Check Point, INC Ransom first emerged in July 2023 and had publicly announced the successful infiltration of 12 victims by September of that year.

INC Ransom targets vulnerabilities in business services or uses a series of spear-phishing campaigns to compromise user credentials.

Once threat actors have access to a company’s systems, they use the compromised accounts to perform several forms of system scanning.

They will search for other vulnerabilities in the ecosystem, scanning networks, domains, and other connected network devices.

Using compromised accounts, the group will inspect documents, images, and the contents of folders to ensure there is valuable data in the system.

INC Ransom then extracts other available login credentials and accesses multiple company systems, networks, and accounts.

Once they have access to numerous devices and systems in a business, the group deploys payloads that install ransomware onto these endpoints.

The ransomware will encrypt documents and bar company access. Check Point warned that INC Ransom will also use automation to rapidly take over enterprise-scale data systems.

It noted that the group tends to target larger, multinational companies in high-value data industries, including the financial, healthcare, and technology sectors.

INC Ransom rarely targets companies like Netstar, as most of its victims are enterprises in North America, Europe, and, to a lesser extent, Australia.

Professional services, manufacturing, construction, and healthcare are its leading industries in terms of the number of victims.

South Africa under attack

Altron Netstar is not the only South African company to suffer a data breach this year. Attackers have targeted companies and government agencies across various sectors in the past eight months.

In May, cyber extortion gang Everest Group claimed responsibility for an attack on Mediclinic, stating that they exfiltrated 4GB of data and the personal data of 1,000 employees.

That same week, Adidas South Africa notified customers that it suffered a data breach with people’s names, email addresses, phone numbers, genders, and birth dates potentially exposed.

In the telecommunications sector, MTN and Cell C reported data breaches earlier this year, with Cell C confirming that it was the victim of a ransomware attack by a group called RansomHouse.

While Cell C was up-front and provided details about the attack it suffered, MTN was more tight-lipped, only saying that some people in certain markets were affected.

Astral Foods, South Africa’s largest chicken producer, Eastplats, a prominent mining company, and Pam Golding, the largest real estate company in the country, all disclosed data breaches this year.

In addition, Microsoft SharePoint became the target of a zero-day vulnerability in July, which caused headaches for organisations worldwide.

SharePoint is a widely used web-based platform developed by Microsoft for collaboration and document management.

The security flaw allowed attackers to access SharePoint servers and steal keys that let them impersonate users or services. This could enable deep access into compromised networks to steal confidential data.

Various South African organisations and government departments were exposed due to the vulnerability, including National Treasury, which reported finding malware installed on a SharePoint server.

South Africa’s Department of Planning, Monitoring, and Evaluation was also targeted in the attacks on Microsoft’s SharePoint customers.

A U.S. security researcher also discovered that the zero-day exposed Stellenbosch University’s website and potentially its broader network.

The researcher contacted MyBroadband about the vulnerability when he struggled to make contact with the necessary people in Stellenbosch’s IT department.

Feedback from the university suggested that they had received several such communications, but these were all from people hoping to be hired to fix the issue, which the university said it was already working on.

MyBroadband asked Altron for comment about the INC Ransom attack, and a spokesperson for the company said they were investigating the matter.