
SNAtch, Not SNATCH behind Department of Defense Data Leak

Bianca Bridger
Bianca holds a degree in Political Science from the University of Otago, New Zealand. As the Africa Desk Chief for Atlas, her expertise spans conflict, politics, and history. She is also the Editor for The ModernInsurgent and has interests in yoga and meditation.


What You Need To Know:

Last week, the South African Department of Defense was hit by a hacker group initially thought to be SNATCH, which utilises ransomware to gain access to sensitive servers. However, with more information on the attack released, the group actually behind the attack is the ‘Security Notification Attachment’ or SNAtch.

In contrast to the group responsible for the aforementioned hit, SNATCH, the ransomware project originally thought to be behind the attack, was established in 2019 and existed for about 2 years. Some more recent ransomware attacks have been attributed to them, but these claims have not been verified.

This particular group (SNAtch) specialises in leaked sensitive data and believes that in order to “solve the issue of computer security of the attacked company it is necessary not to pressure with threats to completely stop the functioning of the company. But make the voluntary obligation of the managers of the company for data leaks, network architecture leaks and leaks of the personal data of the company’s management.”

Furthermore, SNAtch claims “in addition to payment it is important for us that the company’s management realises its responsibility for its customers and re-equips the network perimeter on a full scale. Otherwise, these leaks will happen year after year.” 

Still A Major Threat:

The group’s actions have still shaken the leadership of South Africa: those with South African IP addresses are unable to access SNAtch’s site, on which many of the leaked files are posted.

After being asked for comment, the group stated, “The attack on the South African Republic began back in 2022. In the fall. A vulnerability was discovered in the Defense Department network. Before the attack began we published on our resource an extracted file with the data of employees and their call signs. We used data from this to call employees with a message about the vulnerability. We were simply ignored, although the call sign of the person with whom we tried to establish communication was an indicator of the breach itself. After that, we launched a large-scale attack on the resource. About 1.6 TB of information was extracted, mostly personal data of Defense Ministry employees, military personnel, and weapons contracts. And we put away all this for a while. We remembered about it only in the summer of 2023 and again tried to bring the information about the breach and already downloaded data of the Ministry of Defense, Cabinet of Ministers and of the President of the country in person. But we have faced a complete misunderstanding of the situation and the position that ‘if my personal laptop is not hacked, I don’t care’. During this time the network perimeter has not been changed, the same gaps have remained until now. Only because of the current large amount of more important and interesting work we do not continue attacking and extracting additional information from the network. Although, we know that there is much more information about illegal mining, agent networks, secret service employee data, and correspondence of high-ranking officials including their international supervisors. We’re probably going to put active directories in the open access, as we have already done many times. We will provide anyone who wants to dig into all this information the opportunity of further publication on our resources.” Adding, “As you can see we have nothing to do with Snatch Ransomware. We are Security Notification Attachment and deal only with data leakages.”

 
