A recently released Interpol report on cyber threats to Africa reveals the “aggressive double-extortion” hacking group LockBit is wreaking havoc in Africa.
This, after the notorious group claimed responsibility for a February 2024 attack on South Africa’s Government Employees Pension Fund (GEPF).
LockBit was also linked to numerous incidents in West Africa. “Although authorities temporarily seized LockBit’s darknet sites during an international crackdown, the group soon resurfaced to post, or potentially re-post, victim data, causing serious operational disruptions and significant data breaches,” Interpol states in its Africa Cyberthreat Assessment Report 2025.
The GEPF attack alone affected millions of individuals, highlighting the severe risks posed by LockBit’s continued activity, it indicated. The GEPF closed its offices for six days while it resolved the issue and no payments were affected, it said at the time.
Interpol also noted a Department of Defence breach, in which the Snatch ransomware group resulted in the loss of 1.6TB of data, including the contact details of president Cyril Ramaphosa.
Other publicly disclosed breaches include the South African Broadcasting Corporation, eNCA, South African Weather Service, National Treasury and platinum miner Eastern Platinum, according to iTVersity Belgium Campus monitoring.
Towards the end of last month, National Treasury confirmed it had been targeted by the Linen Typhoon and Violet Typhoon groups following a hack on Microsoft’s SharePoint server.
Data breaches cost South Africa $2.78 million (R48.8 million at the current exchange rate of R17.56 to the dollar) last year, down from $2.88 million (R47 million) in 2023, the South African Reserve Bank says.
Interpol’s Africa Cyberthreat Assessment Report 2025 warns that South Africa remains a top target, particularly in finance and government. The central bank has said that a cyber attack on the financial system could trigger a ripple effect across the economy, essentially causing an “economic heart attack”.
Phishing continues to be Africa’s most prevalent cyber threat, accounting for 34% of all incidents, says Interpol. It reports a sharp increase in phishing e-mails used to initiate sextortion campaigns.
“The psychological toll on victims is substantial. In South Africa, authorities reported a rise in teenage victims, and one adult victim died by suicide following a sextortion incident,” the report notes.
Facebook parent Meta recently shut down several WhatsApp and Instagram accounts in compliance with a court order over sexually explicit content being shared via the social media channels, following a legal precedent secured by a lawyer on behalf of unknown victims.
Cyber criminals are increasingly using artificial intelligence (AI) to create deepfake voice and video impersonations, escalating vishing attacks that mimic CEOs and vendors. Ransomware was also prevalent.
“Private partners show that South Africa and Egypt suffered the highest number of ransomware incidents in 2024, followed by Nigeria, Kenya, the Gambia, Tunisia and Morocco,” Interpol says.
This corresponds with comments from experts indicating the use of AI in cyber hacks is becoming more prevalent because today’s attackers have more tools, more entry points and greater confidence in their ability to evade detection.
Fintech and crypto-currencies are another growing target. “Crypto-jacking became increasingly prevalent, with financial institutions reporting substantial growth in such incidents during 2024,” the report notes.
Mass manipulation
Crypto-jacking involves hackers using victims’ devices to mine crypto-currency without consent. SMS phishing (smishing) targeting banking customers remains common, and social engineering continues as a central tactic in many attacks.
Despite these threats, Southern Africa is recognised for having one of the continent’s most advanced cyber security ecosystems. South Africa, Namibia and Botswana have invested heavily in awareness, legal frameworks and AI-driven security technologies.
Interpol highlights South African initiatives such as Operation Red Card, which ran from October 2024 to March 2025 under the African Joint Operation Against Cyber Crime Project. It dismantled an online loan scam network by analysing domains, Android Package Kit files and social media profiles.
“Private sector intelligence contributed to cyber activity reports, which were instrumental in identifying criminal infrastructure and threat actors,” the agency says.
The Institute of Information Technology Professionals South Africa hosted the inaugural Cyber Security Moot Court in Gqeberha, where high school students presented arguments on a fictional cyber bullying case before a panel of judges, aiming to deepen understanding of digital harm and school-level policy solutions.
Interpol’s report also shows a 53% decline in scam notifications for South Africa last year, compared with almost 5 000 reported incidents in 2023. It links the surge in online scams across the continent to Africa’s accelerating digital transformation.
Share