{"id":413124,"date":"2021-09-08T15:29:51","date_gmt":"2021-09-08T13:29:51","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=413124"},"modified":"2021-09-09T09:57:31","modified_gmt":"2021-09-09T07:57:31","slug":"south-african-space-agency-hit-by-data-breach","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/413124-south-african-space-agency-hit-by-data-breach.html","title":{"rendered":"South African space agency hit by data breach"},"content":{"rendered":"

The South African National Space Agency (Sansa) has been the victim of an attempted cyberattack, and 20GB of data taken from one of its servers has been posted online.<\/p>\n

A group calling itself CoomingProject has claimed responsibility for the attack.<\/p>\n

Some of the group\u2019s other victims include cloud cryptocurrency mining service Miningbase and the hacker community Hacker.org.<\/p>\n

An analysis of the data taken from Sansa\u2019s servers indicates that the attackers gained access to a file server which does not appear to contain any sensitive data.<\/p>\n

This hack of Sansa\u2019s server follows a cyberattack<\/strong><\/a> on state-owned ports, rail, and pipeline operator Transnet in July that severely disrupted South Africa\u2019s ports.<\/p>\n

The attack on Transnet brought operations at many of South Africa\u2019s ports to a near-standstill.<\/p>\n

With IT systems offline, Transnet had to rely on manual systems to process incoming and outgoing ships and the movement of containers.<\/p>\n

The company declared force majeure<\/em><\/strong><\/a> on 27 July, and by mid-August public enterprises minister Pravin Gordhan said that Transnet had recovered most of its systems.<\/p>\n

While the Transnet attack was suspected to be ransomware, CoomingProject states that they are not a ransomware gang.<\/p>\n

In a statement to MyBroadband, the group said they are \u201ca group like ShinyHunters\u201d, which is known for stealing data from organisations and selling it on the dark web.<\/p>\n

CoomingProject declined to reveal the vulnerability in Sansa\u2019s systems which allowed it to gain access to the file server.<\/p>\n

Emsisoft threat analyst Brett Callow told MyBroadband that while all gangs have the ability to encrypt and exfiltrate data, some choose to skip the encryption part and instead rely only on the threat of releasing their victims’ data to extort payment.<\/p>\n

“The reason for this isn\u2019t clear, especially as it may be less effective, but it may be because the gangs believe they\u2019ll attract less attention from law enforcement by avoiding destructive attacks,” Callow said.<\/p>\n

“CoomingProject is relatively new and, at this point, very little is known about the operation or those behind it.”<\/p>\n

\"\"<\/a><\/p>\n

MyBroadband contacted Sansa for comment, which confirmed the data breach.<\/p>\n

\u201cOn 6 September 2021, Sansa was notified of a possible breach to the IT system. A file consisting of Sansa information was in the public domain,\u201d a spokesperson for the agency said.<\/p>\n

\u201cAn internal investigation was conducted, and it was determined that no network breach occurred. The file dump was from the public anonymous FTP server that is active at the Sansa Hermanus facility.\u201d<\/p>\n

Sansa said that the server did have personal information of previous students at Sansa.<\/p>\n

\u201cMost of the data is information that can be accessed in the public domain as it refers to research related work in Space Science,\u201d said the agency.<\/p>\n

Sansa said that it completely removed the public anonymous access of the FTP server.<\/p>\n

It committed to notifying the Information Regulator about the breach, and said that all affected parties will also be notified.<\/p>\n

\u201cTakedown requests have been sent to sites and domains hosting the data,\u201d Sansa stated, but acknowledged that the data might remain on the Internet despite its attempts to have it removed.<\/p>\n

\n

Now read: South Africa has one 80-year-old plane left to patrol its seas<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"

MyBroadband spoke to a group of hackers who broke into a server belonging to the South African National Space Agency and made off with at least 20GB of data.<\/p>\n","protected":false},"author":15,"featured_media":413126,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[44160,35,18759],"class_list":["post-413124","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cyberattack","tag-headline","tag-south-african-national-space-agency-sansa"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/413124"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=413124"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/413124\/revisions"}],"predecessor-version":[{"id":413140,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/413124\/revisions\/413140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/413126"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=413124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=413124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=413124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}