The department confirmed the attack and said it had implemented countermeasures to isolate the affected system. Those measures included software patches from Microsoft, the agency said.
Several entities in South Africa have been compromised by hackers who exploited a security vulnerability in Microsoft’s SharePoint servers, according to Eye Security, the cybersecurity company that identified an early wave of attacks last week.
Hackers breached about 400 government agencies, corporations and other groups around the world, although the number could be a lot higher, the Dutch company said.
Most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands, it added. Microsoft warned earlier this month that hackers were actively targeting customers who manage SharePoint on their own networks, as opposed to being hosted and managed on the cloud.
SharePoint is popular with South African institutions and companies which use it to store and collaborate on documents, as well as hosting the software on-premises to provide them with control of the systems and greater security. Cybersecurity researcher Gregory Boddin identified the breach at the South African department, and flagged that the premier’s office in Limpopo could also have been subjected to a breach. The office did not respond to queries.
On-premises
Microsoft has said that attackers are specifically targeting clients running SharePoint servers from their own on-premises networks, as opposed to being hosted and managed by the tech firm. Microsoft did not immediately respond to request for comment.
Read: SharePoint zero-day attackers now using ransomware
Elsewhere in the region, Mauritius government servers running SharePoint were also breached, according to Eye Security. — Loni Prinsloo and Cameron Fozi, (c) 2025 Bloomberg LP
Get breaking news from TechCentral on WhatsApp. Sign up here.