Cyber Incident Victim: South African Weather Service

Date: Jan 2025

Location: South Africa

Summary

A cyber attack disrupted the South African Weather Service's ICT systems, causing extended downtime and affecting critical operations including aviation, marine services, and public weather forecasts. The organization implemented alternative communication methods via social media for updates while external cybersecurity experts and internal technicians worked to remove malware, restore data from backups, and gradually reactivate the network. Stakeholders were notified of service impacts, though some media outlets reported disruptions in receiving forecasts. The incident involved two consecutive intrusion attempts, with the second successfully compromising systems, prompting reporting to authorities. Essential meteorological services continued through contingency measures during recovery efforts.

Description

The South African Weather Service (SAWS) experienced a cyber attack beginning with an unsuccessful attempt on Saturday, 25 January 2025, followed by a successful breach that compromised its Information and Communication Technology (ICT) systems on Sunday evening, 26 January 2025. The attack forced SAWS into unscheduled downtime, disrupting core weather, climate, and administrative operations. Critical services including aviation and marine weather forecasting were initially impacted, along with email communications and public access to the SAWS website. The organization promptly activated alternative communication channels, directing the public to rely on its social media platforms for weather updates while advising stakeholders of the breach’s operational consequences. SAWS reported the incident to relevant authorities and confirmed the attackers used malware to encrypt its systems, though essential meteorological services like severe weather alerts were maintained through manual or non-digital methods during the outage.

By 10 February 2025—two weeks post-incident—SAWS remained engaged in restoration efforts led by external cybersecurity specialists and internal ICT technicians working on-site. CEO Ishaam Abader stated the team prioritized removing the encryption malware and recovering data from backups before gradually reactivating the network. The prolonged downtime affected routine services, with multiple media outlets reporting interruptions in daily weather forecast deliveries, while some stakeholders requested detailed briefings on the breach’s scope and remediation progress. SAWS emphasized its commitment to resolving the incident but acknowledged full system recovery would require additional time, without specifying a completion date or confirming data theft. No threat actor claimed responsibility, and SAWS did not disclose technical details of the attack vector or whether ransomware demands were involved.
