Yesterday, DataBreaches reported on SNAtch Team and how they were not a ransomware gang or using what had been referred to as the Snatch locker or ransomware. In that report, DataBreaches included a description provided by their spokesperson about their attack on the South Africa Department of Defense — an attack that SANDF initially dismissed as “fake news” and now claims wasn’t a hack.
MyBroadband reports:
The South African National Defence Force (SANDF) has again denied that the Department of Defence’s network was hacked following claims of an alleged data breach last week.
In a statement on Saturday, 2 September 2023, the SANDF said the incident was the work of “criminal syndicates within the cyberspace” aided through information leaked from the department.
Read more at MyBroadband. It sounded like SANDF was suggesting that an insider leaked information that SNAtch Team used to exfiltrate data. Their denials and claims are directly refuted by SNAtchTeam’s description of the attack, as previously reported on DataBreaches and repeated in the MyBroadband article. In an update to their article, MyBroadband reports:
Following the publication of this article, Dlamini told MyBroadband the investigation into the incident was ongoing.
He did not provide further clarity on why the department did not consider the leaking of its data to a criminal syndicate as hacking.
He also did not confirm whether the department believed the incident occurred due to an insider leaking information to Snatch.
It appears that SANDF is either extremely incompetent in investigating the attack and exfiltration of so much data or they are just flat-out lying because they are embarrassed. Either way, the country’s citizenry is not well-served by a government that denies the reality of what happened or attempts to deflect responsibility for the poor security practices that facilitated it.