{"id":608349,"date":"2025-08-26T14:59:41","date_gmt":"2025-08-26T12:59:41","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=608349"},"modified":"2025-08-26T15:00:42","modified_gmt":"2025-08-26T13:00:42","slug":"state-capture-website-hacked","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/608349-state-capture-website-hacked.html","title":{"rendered":"State Capture website hacked"},"content":{"rendered":"\n

The website hosting all the documents and hearing transcripts of the Commission of Inquiry into State Capture, better known as the Zondo Commission, was attacked and replaced with links pointing to Indonesian sites.<\/p>\n\n\n\n

Specifically, the State Capture website linked to an Indonesian online gambling operation and to Lazada, an international e-commerce company and one of Southeast Asia\u2019s largest online shopping operators.<\/p>\n\n\n\n

After MyBroadband reported the issue to the website\u2019s hosting provider, Xneelo, it notified the site\u2019s custodian, which quickly reversed the takeover and reinstated the original web pages.<\/p>\n\n\n\n

A lookup against the ZA Registry Consortium\u2019s WHOIS database revealed that the domain, statecapture.org.za<\/a>, was registered through Xneelo. Xneelo also provided the site\u2019s DNS servers.<\/p>\n\n\n\n

Xneelo could not reveal who was responsible for the website. We asked Xneelo to relay an invitation to comment to its customer, but the company or individual did not come forward.<\/p>\n\n\n\n

MyBroadband asked whether the attackers exploited a vulnerability in the Zondo Commission\u2019s web application or Xneelo\u2019s server.<\/p>\n\n\n\n

\u201cThe website in question is hosted on a self-managed service, which means we have no visibility of what\u2019s on the hosted server,\u201d an Xneelo spokesperson said.<\/p>\n\n\n\n

\u201cHowever, we will pass your details on to the customer so they can decide whether they would like to respond directly.\u201d<\/p>\n\n\n\n

MyBroadband also contacted the State IT Agency (SITA) for comment, which said SITA neither hosted nor maintained the Zondo Commission\u2019s website.<\/p>\n\n\n\n

Further investigation revealed that the State Capture website was developed using CodeIgniter, an open-source PHP rapid web development framework.<\/p>\n\n\n\n

The Internet Archive\u2019s Wayback Machine shows that the site has been online since at least September 2020.<\/p>\n\n\n\n

It is unclear whether it has been patched to close security vulnerabilities discovered in CodeIgniter in the past five years.<\/p>\n\n\n\n

The purpose of the compromise remains unclear, although one likely explanation is that the hackers wanted to use it as an attack site targeting Indonesian consumers.<\/p>\n\n\n\n

Cyberattacks on the rise in South Africa<\/h2>\n\n\n\n
\"\"
Screenshot of the Indonesian online gambling platform the State Capture website linked to for a few days.<\/figcaption><\/figure>\n\n\n\n

The Zondo Commission is one of many South African entities targeted by cyberattacks this year. In the past eight months, attackers have targeted companies and government agencies across various sectors.<\/p>\n\n\n\n

Earlier this month, a cyber extortion group called INC Ransom claimed responsibility for breaching Altron Netstar\u2019s corporate network<\/a> and leaking 505GB of data onto the dark web.<\/p>\n\n\n\n

In May, ransomware gang Everest Group claimed responsibility for an attack on Mediclinic<\/a>, stating that they exfiltrated 4GB of data and the personal data of 1,000 employees.<\/p>\n\n\n\n

That same week, Adidas South Africa notified customers that it suffered a data breach<\/a> with people\u2019s names, email addresses, phone numbers, genders, and birth dates potentially exposed.<\/p>\n\n\n\n

In the telecommunications sector, MTN<\/a> and Cell C<\/a> reported data breaches earlier this year, with Cell C confirming that it was the victim of a ransomware attack by a group called RansomHouse.<\/p>\n\n\n\n

While Cell C was up-front and provided details about the attack it suffered, MTN was more tight-lipped, only saying that some people in certain markets were affected.<\/p>\n\n\n\n

Astral Foods<\/a>, South Africa\u2019s largest chicken producer, Eastplats<\/a>, a prominent mining company, and Pam Golding<\/a>, the largest real estate company in the country, all disclosed data breaches this year.<\/p>\n\n\n\n

In addition, in July, Microsoft SharePoint became the target of a zero-day vulnerability, which caused headaches for organisations worldwide.<\/p>\n\n\n\n

SharePoint is a widely used web-based platform developed by Microsoft for collaboration and document management.<\/p>\n\n\n\n

The security flaw allowed attackers to access SharePoint servers and steal keys that let them impersonate users or services. This could enable deep access into compromised networks to steal confidential data.<\/p>\n\n\n\n

Various South African organisations and government departments were exposed due to the vulnerability, including National Treasury<\/a>, which reported finding malware installed on a SharePoint server.<\/p>\n\n\n\n

South Africa\u2019s Department of Planning, Monitoring, and Evaluation was also targeted in the attacks on Microsoft\u2019s SharePoint customers.<\/p>\n\n\n\n

A U.S. security researcher also discovered that the zero-day exposed Stellenbosch University\u2019s website and potentially its broader network.<\/p>\n\n\n\n

The researcher contacted MyBroadband about the vulnerability when he struggled to reach the necessary people in Stellenbosch\u2019s IT department.<\/p>\n\n\n\n

Feedback from the university suggested that they had received several such communications, but these were all from people hoping to be hired to fix the issue, which the university said it was already working on.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Zondo Commission’s website has been restored after MyBroadband alerted the hosting company to the problem.<\/p>\n","protected":false},"author":15,"featured_media":555987,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[35410,75610,101157,40060,60101,79740,67598],"class_list":["post-608349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-internet-archive","tag-judicial-commission-of-inquiry-into-state-capture-report","tag-lazada","tag-state-capture","tag-xneelo","tag-za-registry-consortium-zarc","tag-zondo-commission"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/608349"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=608349"}],"version-history":[{"count":3,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/608349\/revisions"}],"predecessor-version":[{"id":608355,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/608349\/revisions\/608355"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/555987"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=608349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=608349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=608349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}