Cyber Incident Victim: Malawi Immigration Service
Date:
Jan 2024
Location:
Malawi
Summary
A cyber-attack targeting Malawi's immigration service caused a national security breach, prompting suspension of passport issuance after officials initially cited technical issues. The attackers demanded ransom, but authorities refused payment while developing temporary and long-term solutions to restore services and enhance system security. This incident exacerbated existing public frustrations over persistent passport processing delays, which historically stemmed from booklet shortages, foreign currency constraints, and contract termination controversies. The attack left citizens unable to obtain or renew travel documents, severely restricting international movement without clarity on potential data compromises.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2024, Malawi's government publicly confirmed a cyber-attack targeting the Malawi Immigration Service's computer network, which President Lazarus Chakwera characterized as a "serious national security breach." The attack disrupted the issuance of passports nationwide, with officials initially attributing the two-week suspension preceding the announcement to a "technical glitch" before Chakwera disclosed the hacking incident to parliament on January 31. The president revealed that unidentified hackers had demanded a ransom but stated the government would neither pay nor negotiate, emphasizing a policy against "appeasing criminals with public money." Chakwera directed the immigration department to implement a temporary solution within three weeks to resume passport services while authorities worked to regain system control, with plans to develop a long-term solution incorporating additional security safeguards. The cyber-attack's operational specifics—including intrusion vectors, data compromise scope, or attacker identity—remained undisclosed, leaving personal data security implications unaddressed publicly.
The suspension exacerbated existing challenges in Malawi's passport issuance system, where high demand persists due to many young citizens seeking overseas employment opportunities. This incident followed previous disruptions, including a 2023 pause caused by passport booklet shortages linked to foreign currency deficits and a 2021 contract termination with a passport service provider over alleged irregularities. Public frustration mounted over persistent delays, with citizens historically citing application backlogs and corruption allegations. As of the announcement, individuals without valid passports—including those with expired documents—faced travel prohibitions, with no timeline provided for full system restoration beyond the three-week interim measure directive. The government did not indicate whether ancillary immigration functions beyond passport processing were affected by the attack.