Cyber Incident Victim: Malawi Immigration Service
Date:
Apr 2022
Location:
Malawi
Summary
The Platform for Investigative Journalism website experienced a cyberattack resulting in prolonged downtime, occurring shortly after Malawi Police detained its managing director and seized his devices. Media advocacy group MISA Malawi implicated state agents in the hack, citing the police's prior actions as compromising cybersecurity and violating privacy laws, while condemning the incident as an assault on press freedom and access to information. Police denied involvement, disputing the allegations as unsubstantiated and urging collaborative efforts to identify and prosecute those responsible. The organization worked to restore full functionality to its platform amid ongoing concerns over institutional intimidation targeting journalists.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The hacking of the Platform for Investigative Journalism (PIJ) website (investigativeplatform-mw.org) occurred on April 14, 2022, with the site remaining inaccessible for many hours through April 15. This cyberattack followed the April 5 detention of PIJ Managing Director Gregory Gondwe by Malawi Police Service (MPS) officers, who confiscated his computer and phone overnight. Media Institute of Southern Africa (MISA) Malawi Chairperson Teresa Temweka Ndanga publicly connected these events, stating the police's prior seizure of equipment raised privacy concerns that appeared validated by the subsequent website compromise. MISA Malawi explicitly accused state agents of orchestrating the attack, citing the nine-day gap between Gondwe's interrogation and the website disruption as evidence of intentional targeting rather than coincidence. The organization characterized the incident as both a criminal violation of Malawi's 2016 Electronic Transactions and Cyber Security Act—which prohibits hacking and carries penalties of fines and seven-year imprisonment—and an infringement on constitutional privacy protections under Section 21.
Technical recovery efforts restored partial website functionality by April 16, though PIJ acknowledged ongoing restoration work. MISA Malawi framed the attack as part of a broader pattern of state intimidation against journalists, warning that such actions damaged Malawi's democratic reputation and press freedom standing. The police issued a formal denial through Deputy Spokesperson Harry Namwaza, rejecting allegations of involvement as unsubstantiated and emphasizing their legal mandate to investigate individuals during criminal probes. While demanding accountability for the hacking and Gondwe's equipment seizure, MISA Malawi simultaneously called for solidarity from human rights organizations, foreign diplomatic missions, and legal professionals to safeguard media operations. No forensic details regarding attack vectors, data compromise, or perpetrator identification were disclosed publicly by either PIJ or investigating authorities during the immediate aftermath period documented in available reports.