{"id":653461,"date":"2026-06-14T16:59:29","date_gmt":"2026-06-14T14:59:29","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=653461"},"modified":"2026-06-14T17:00:17","modified_gmt":"2026-06-14T15:00:17","slug":"south-african-government-leaving-doors-wide-open-to-cybercriminals","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/653461-south-african-government-leaving-doors-wide-open-to-cybercriminals.html","title":{"rendered":"South African government leaving doors wide open to cybercriminals"},"content":{"rendered":"\n<p>Hundreds of South African government websites are wide open to cyberattacks thanks to years of poor maintenance and disregard, a cybersecurity researcher has claimed.<\/p>\n\n\n\n<p>Despite this, the State Information Technology Agency (SITA), which is responsible for a large portion of the government&#8217;s ICT infrastructure, previously said that its systems were secure.<\/p>\n\n\n\n<p>According to a <a href=\"https:\/\/groundup.org.za\/article\/heres-how-insecure-governments-websites\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ground Up<\/a> report, cybersecurity researcher Joel Cedras found hundreds of exploitable vulnerabilities across thousands of government websites hosted by SITA.<\/p>\n\n\n\n<p>Cedras was part of the team of young researchers that <a href=\"https:\/\/mybroadband.co.za\/news\/security\/577451-the-huge-security-flaw-exposed-in-south-africas-financial-systems.html\">uncovered massive fraud<\/a> in South Africa&#8217;s Social Relief of Distress (SRD) grant system in 2024.<\/p>\n\n\n\n<p>They launched an investigation that revealed the fraud was enabled by a chain of security flaws across several entities in South Africa, including cellular service providers and banks.<\/p>\n\n\n\n<p>In the latest report, Cedras said that of the 1,100 public-facing systems in SITA&#8217;s network, 1 in 7 carry a known security vulnerability that has not yet been patched.<\/p>\n\n\n\n<p>This problem is even more severe in non-SITA government networks, where 516 public-facing systems were allegedly found to be riddled with exploitable vulnerabilities.<\/p>\n\n\n\n<p>The network is nearly half the size of the SITA network, yet has nearly as many critical security flaws, with one in five carrying a known vulnerability, he said.<\/p>\n\n\n\n<p>&#8220;Our security operations teams operate on a continuous, 24\/7 basis and are equipped with monitoring and threat-detection capabilities.&#8221;<\/p>\n\n\n\n<p>Tlali Tlali, head of corporate affairs at SITA, previously told MyBroadband that its security operations teams monitor the network 24\/7 and are equipped to handle threats as they arise.<\/p>\n\n\n\n<p>In new feedback, Tlali told MyBroadband that there are ongoing modernisation initiatives aimed at improving the security posture and performance of critical government systems. <\/p>\n\n\n\n<p>&#8220;Many departments host their systems in their own environments or through approved third-party service providers, while still utilising SITA&#8217;s network services for connectivity and secure access.&#8221;<\/p>\n\n\n\n<p>&#8220;SITA remains committed to the continual improvement of the Government Private Network (GPN) security posture through the implementation of enhanced security controls,&#8221; he said.<\/p>\n\n\n\n<p>Tlali said that SITA is also implementing proactive monitoring and ongoing cybersecurity improvement initiatives to enhance security across the network. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Risks of cyberattacks and ransomware on state institutions<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"900\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Joel-Cedras.jpg\" alt=\"\" class=\"wp-image-653475\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Joel-Cedras.jpg 1600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Joel-Cedras-600x338.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Joel-Cedras-1200x675.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Joel-Cedras-768x432.jpg 768w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Joel-Cedras-1536x864.jpg 1536w\" sizes=\"(max-width: 1600px) 100vw, 1600px\" \/><figcaption class=\"wp-element-caption\">Joel Cedras, cybersecurity researcher<\/figcaption><\/figure>\n\n\n\n<p>Cedras told MyBroadband that the risk of a SITA-hosted network being struck by a cyberattack was extremely high.<\/p>\n\n\n\n<p>&#8220;I would ask whether it has happened already. Six of the vulnerabilities found were on the Known Exploited Vulnerabilities list,&#8221; he said.<\/p>\n\n\n\n<p>&#8220;Both on and off SITA&#8217;s network, some government servers have been unpatched for over a decade. The doors are open.&#8221;<\/p>\n\n\n\n<p>He said there are many SITA networks he considers highly vulnerable and susceptible to cyberattacks due to unpatched vulnerabilities.<\/p>\n\n\n\n<p>Some examples were the Deeds Office, which he discovered had over 450 vulnerabilities. Meanwhile, the Eastern Cape Health Department was found to be vulnerable to a type of attack called ProxyLogon.<\/p>\n\n\n\n<p>This attack allows attackers to impersonate an admin and get access to their Exchange server and its email, Cedras explained. This could lead to a major data breach or double-extortion attack.<\/p>\n\n\n\n<p>Other websites ripe for exploitation included those of the Department of Sports, Arts and Culture, which had more than 100 vulnerabilities on a single server.<\/p>\n\n\n\n<p>The Limpopo Government had more than 150 vulnerabilities on a single server hosting its infrastructure, while the Department of Home Affairs had over 100 open vulnerabilities.<\/p>\n\n\n\n<p>&#8220;The list goes on. And that&#8217;s just on SITA&#8217;s network!&#8221; he said. &#8220;There have already been several exploits. More will happen unless the situation is addressed.&#8221;<\/p>\n\n\n\n<p>Statistics South Africa was <a href=\"https:\/\/mybroadband.co.za\/news\/security\/636993-south-african-government-agency-with-sensitive-data-breached-in-r1-7-million-ransomware-attack.html\">struck by a ransomware attack<\/a> in May by a group of threat actors called XP95, which vanished from the scene almost as quickly as it emerged.<\/p>\n\n\n\n<p>The group claimed to have successfully breached the agency and said it stole 154 GB of data from an unspecified Stats SA server.<\/p>\n\n\n\n<p>XP95 demanded R1.7 million to prevent the leaking of the data it allegedly collected from the server and set a deadline for later that month. Stats SA said that it would not pay.<\/p>\n\n\n\n<p>Cedras said the risk was that these servers hold data that South African citizens have provided to the government, including identity documents, title deeds, criminal histories, and more.<\/p>\n\n\n\n<p>&#8220;There is a serious risk of leaking of sensitive data, which can facilitate fraud and other crimes against citizens,&#8221; he explained.<\/p>\n\n\n\n<p>&#8220;Many of the systems on the network are demonstrably under-maintained and extremely out of date. A ransomware attack could also shut down multiple government services at once.&#8221;<\/p>\n\n\n\n<p>A network-wide ransomware attack through one of SITA&#8217;s or the wider government&#8217;s unsecured networks would render South Africans unable to use government services.<\/p>\n\n\n\n<p>Tlali said that SITA recently conducted a security assessment across National and Provincial government departments in conjunction with key government stakeholders. <\/p>\n\n\n\n<p>&#8220;These assessments highlight areas that require remediation to improve security posture, which government departments need to prioritise and work with SITA to address,&#8221; he said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A cybersecurity researcher has found that hundreds of websites under SITA are poorly maintained and vulnerable to cyberattacks. <\/p>\n","protected":false},"author":341213,"featured_media":638162,"comment_status":"open","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[105845,96073,105846,30150,4104,17082,5646,103766],"class_list":["post-653461","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-ground-up","tag-joel-cedras","tag-proxylogon","tag-ransomware","tag-sita","tag-state-information-technology-agency","tag-stats-sa","tag-xp95"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/653461"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=653461"}],"version-history":[{"count":8,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/653461\/revisions"}],"predecessor-version":[{"id":653872,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/653461\/revisions\/653872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/638162"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=653461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=653461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=653461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}