Cyber Incident Victim: State Information Technology Agency
Date:
Aug 2015
Location:
South Africa
Summary
Anonymous breached a South African government IT contractor, compromising servers and leaking confidential data including user credentials, personal details of officials, and internal databases. The attack, part of #OpMonsanto and #OperationSA, targeted the agency to protest Monsanto's influence and human rights issues, exposing sensitive information previously undisclosed online.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 12, 2015, the State Information Technology Agency (SITA), a South African government IT contractor, suffered a breach by Anonymous hacktivists operating under the #OperationSA and #OpMonsanto campaigns. The attackers compromised SITA's online servers and exfiltrated confidential data, subsequently leaking it publicly in four distinct segments. The first three segments contained SITA website databases, including full names, usernames, email addresses, plaintext and encrypted passwords, physical addresses, and phone/fax numbers belonging to officials and registered users. The fourth segment specifically exposed email addresses, full names, and phone numbers of South African parliamentarians and other government officials. Analysis by cybersecurity journalists confirmed the authenticity of the leaked data, noting it had not previously been disclosed online. The breach methodology was not detailed in available sources, though the attackers demonstrated prior capability through compromises of Israeli arms dealer databases.
Anonymous claimed responsibility for the attack in communications with media outlet HackRead, citing opposition to Monsanto's agricultural influence in South Africa and protesting human rights abuses and internet censorship laws. The group characterized the breach as an act of solidarity with South African citizens, explicitly stating their intent to challenge Monsanto's "poisonous food products" and government policies restricting digital freedoms. The incident exposed sensitive authentication credentials and contact information of government personnel, creating immediate risks of credential reuse attacks and targeted harassment. No statements from SITA or South African authorities regarding containment measures, forensic findings, or remediation efforts were documented in the disclosed source material. The attackers' operational security precautions included requesting media outlets refrain from publishing their Twitter handle to avoid identification.