Cyber criminals are increasingly targeting the rapidly-evolving South African mobile network operators.
MTN and Cell C recently fell victim to cyber attacks. Last month, MTN Group alerted stakeholders that it encountered a cyber security incident that resulted in unauthorised access to some customers’ personal information in specific markets.
Also last month, notorious hacking group RansomHouse disclosed private data it obtained after it compromised mobile operator Cell C.
Amid these attacks, cyber security experts say telcos provide an important part of a country’s critical infrastructure, and disruption or downtime can have massive implications, which means this allows ransomware actors to apply more pressure.
They add that telcos store vast amounts of personal and financial data, including names, addresses, IDs, payment information, as well as call records. This data is valuable for identity theft, phishing, or blackmail, the experts say.
According to Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa, telcos are no longer just connectivity providers, as many are now involved with mobile payments, fintech partnerships and digital identity infrastructure.
“This evolution has made them quasi-financial institutions, holding or facilitating access to sensitive financial data and consumer wallets, but without the rigorous compliance and security safeguards demanded from banks and financial services institutions,” says Collard.
Additionally, she points out that telcos are often entry points into broader digital ecosystems, making them prime targets for criminal syndicates and state-aligned threat actors.
Gerhard Swart, CTO of cyber security company Performanta, concurs that telcos are part of critical infrastructure, making them attractive targets for cyber criminals looking to cause widespread disruption.
“The impact of an attack on a telecoms service provider can be significant, affecting millions of users and critical services,” says Swart.
“Telecoms companies hold vast amounts of sensitive data and have extensive network access, making them prime targets for data theft and espionage.”
He notes that the increasing adoption of internet of things (IOT) devices and the rollout of 5G networks have expanded the attack surface for cyber criminals. “These technologies introduced new vulnerabilities that are exploited by attackers.”
Lionel Dartnall, Check Point country manager for SADC, says the growing reliance on digital infrastructure in the telecoms industry, coupled with its public-facing nature, make this critical infrastructure sector a prime target for cyber criminals looking to exploit vulnerabilities.
He explains that telcos are prime targets due to the vast amount of sensitive subscriber information they possess.
“This means the potential for a large database extraction or encryption improves cyber criminals’ chances of a ransom payout. Also, the critical nature of the services these industries offer to commercial and business consumers makes them a prime target,” says Dartnall.
“Gaining access to one telecommunications provider could potentially expose sensitive identity information related to millions of customers. This makes such attacks not only more lucrative from an extortion perspective, but the sensitive customer information can also be sold on the dark web or used for further criminal activities. Downtime and data breaches are very difficult to recover from, not mentioning reputational damage.”
The experts note the trend of targeting telecom firms is not limited to South Africa, but is observed globally.
Swart points out that cyber criminals are exploiting the same vulnerabilities and attack vectors worldwide, making telecoms providers a common target.
According to Collard, globally, telecoms firms have been under increasing attack. “Notable incidents include breaches at T-Mobile (US), Optus (Australia) and British Telecom. These attacks often exploit supply chain weaknesses, third-party vendor vulnerabilities, or legacy systems with poor segmentation.”
She points out that telcos are also targeted for surveillance purposes by state-backed groups, and their infrastructure is used to intercept communications.
“With the rise of 5G, IOT and cloud-native networks, the attack surface is growing rapidly – a trend mirrored in South Africa.”
Dartnall says the recent Check Point Q1 2025 Cyber Security Report showed that globally the telecoms sector was the third-largest industry to be targeted by cyber criminals, reaching 2 664 attacks per organisation per week – experiencing the highest percentage increase with a 94% jump from the same period last year.
“The continued rise in cyber attacks underscores the need for more robust security measures. Organisations must prioritise strengthening their cyber security postures, including deploying advanced threat detection systems, training staff on cyber security best practices, and ensuring rapid incident response capabilities,” says Dartnall.
“The rise in ransomware attacks, particularly in high-profile sectors like consumer goods and services, business services and industrial manufacturing, highlights the critical need for organisations to implement robust backup strategies, network segmentation and secure access controls to mitigate the impact of such threats.”
Swart urges the telcos to adopt comprehensive security measures and follow frameworks that are well-established.
“Conducting regular vulnerability assessments and penetration tests can help identify and address potential security weaknesses before they are exploited by cyber criminals. Human error remains a common vector for cyber attacks. Ongoing education and awareness initiatives can ensure staff can recognise and mitigate threats, fostering a culture of cyber security,” he states.
To mitigate against the cyber risks, Collard says telcos should invest in modern security architecture, including zero trust principles, segmentation and real-time monitoring.
She also urges the firms to investigate AI-based security augmentation tools to assist internal security operation centre teams with monitoring and threat response.
“In the wake of increased cyber attacks, security leaders must prioritise cyber security that allows for increased visibility and control, adopting customised strategies to stop attacks before they can impact their business – and their bottom line. Cyber security remains an ongoing battle, and businesses must remain vigilant to safeguard their assets, reputations and the trust of their customers,” Dartnall concludes.
Share