Cyber Incident Victim: South African National Space Agency

Date: Sep 2021

Location: South Africa

Summary

The South African National Space Agency suffered a data breach claimed by the newly emerged hacking group CoomingProject. Following the incident, a substantial 16 TB data dump appeared on a Russian-language forum, with another threat actor, GhostSec, asserting responsibility for the attack and leak. The agency confirmed unauthorized access after compromised information surfaced online, though the specific dataset was later removed from the hackers' site.

Description

On September 9, 2021, the South African National Space Agency (SANSA) confirmed a data breach after compromised information appeared online. The incident involved CoomingProject, a newly emerged international hacking group that listed SANSA among its global victims. According to the group’s claims, they accessed and leaked agency data, though specific details about the compromised systems or intrusion methods were not disclosed. SANSA’s acknowledgment followed the initial appearance of stolen data on CoomingProject’s website, though the dataset was later removed from the platform.

The breach drew wider attention when a separate 16-terabyte data dump surfaced on a Russian-language cybercrime forum on September 5, 2021, four days before SANSA’s public confirmation. This secondary leak was attributed to GhostSec, another threat actor group that claimed responsibility for both the attack and the data publication. The forum post indicated broader visibility for the stolen information beyond CoomingProject’s original disclosure channel.

The incident’s scope involved unauthorized access to SANSA’s digital infrastructure, resulting in the exfiltration of sensitive data. While the exact nature of the compromised records was not detailed in public reports, the 16 TB volume suggested extensive data theft. SANSA did not release information regarding operational impacts, financial losses, or specific mitigation steps beyond confirming the breach. The agency’s statement coincided with the disappearance of the data from CoomingProject’s site, though it remained unclear whether this removal resulted from SANSA’s actions or the hackers’ discretion. GhostSec’s forum post amplified the breach’s exposure within cybercriminal communities, potentially increasing risks of data misuse. No further details regarding forensic investigations, system restoration timelines, or regulatory notifications were disclosed publicly in the immediate aftermath.
