Cyber Incident Victim: Malawi
Date: Jan 2024
Location: Malawi
Summary
A cyber-attack targeted Malawi's immigration service, prompting the government to suspend passport issuance and declare a serious national security breach. Hackers demanded ransom, but authorities refused to negotiate, prioritizing system recovery and implementing temporary solutions to resume services within weeks while developing enhanced long-term security measures. The incident exacerbated existing public frustrations over persistent passport delays, previously attributed to technical issues and supply shortages, leaving citizens unable to obtain travel documents. No details were disclosed about potential data compromises or the attackers' identity.
Description
On February 1, 2024, Malawi’s government publicly confirmed a cyber-attack targeting its immigration service’s computer network, forcing the suspension of all passport issuance operations. President Lazarus Chakwera characterized the incident as a “serious national security breach” during an address to parliament, revealing that unidentified hackers had demanded a ransom payment. The government refused to negotiate or pay, asserting it would not “appease criminals with public money.” Officials disclosed the attack had already disrupted services for two weeks prior to the announcement, initially attributing the outage to an unspecified “technical glitch.” The attack paralyzed the immigration department’s ability to process passports, directly impacting citizens seeking to travel abroad, particularly young Malawians pursuing job opportunities overseas. President Chakwera mandated a three-week deadline for the immigration department to implement a temporary solution to resume limited passport services while authorities worked to regain control of compromised systems. A long-term solution involving enhanced security safeguards was announced but not detailed. No information was provided regarding the attack vector, the ransom amount, potential data breaches, or the identity of the threat actors.

This incident exacerbated existing systemic challenges within Malawi’s passport issuance framework. Prior disruptions included a 2023 suspension caused by shortages of passport booklets linked to foreign currency scarcity and a 2021 termination of a passport contract with a private vendor due to alleged irregularities. Public frustration mounted over persistent delays, with citizens raising concerns about backlogs and corruption in the application process. The cyber-attack left individuals without valid passports unable to obtain replacements, effectively barring international travel. The government did not clarify whether personally identifiable information was compromised during the breach. Historical operational vulnerabilities, combined with the immediate cyber disruption, underscored the criticality of passport services for Malawians seeking economic opportunities beyond national borders. Authorities focused on restoring functionality without addressing questions about attack attribution or data security implications.
