Cyber Incident Victim: Banco Nacional de Angola
Date:
Jan 2024
Location:
Angola
Summary
The National Bank of Angola mitigated a cybersecurity incident affecting its technological infrastructure, reporting no significant impacts on operations or data. Services were restored securely and controllably, with the institution emphasizing its commitment to maintaining financial system stability and operational resilience. While no group claimed responsibility, historical context includes a 2022 offer for unauthorized access to the bank's systems on a cybercriminal forum. The incident aligns with broader regional targeting, as other Angolan financial entities and state-owned banks across multiple countries have faced similar cyberattacks in recent years.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 6, 2024, the National Bank of Angola experienced a cybersecurity incident that prompted an official response from the institution. The bank, headquartered in Luanda and responsible for managing over $10 billion in assets for Angola’s population of approximately 35 million, publicly addressed the event in a statement released on January 9, 2024. It characterized the attack as having been successfully mitigated "without significant impacts on its infrastructure and data," emphasizing that core operations remained intact. Following the incident, the bank implemented controlled access measures to its technological infrastructures to ensure the continued provision of institutional services. These actions were framed as part of its mandate to maintain the stability and operational resilience of Angola’s financial system, which generates approximately $600 million in annual revenue for the bank. The statement reaffirmed the institution’s commitment to upholding security standards, data integrity, and system availability across Angola’s financial sector, noting that all systems were operating normally post-incident.
No threat actor claimed responsibility for the January 6 attack as of the bank’s public disclosure. However, historical context indicates prior targeting of the institution, with a 2022 post on the cybercriminal forum Exploit offering access to the bank’s systems for sale at an undisclosed price. The incident aligns with broader regional targeting of financial institutions, as evidenced by leaks involving smaller Angolan banks on the now-defunct Black Cat/AlphV ransomware group’s data breach site. The same group had previously claimed an unconfirmed September 2023 attack against Angola’s national electric utility, Empresa Nacional de Distribuição de Electricidad. This pattern mirrors cyber incidents affecting other state-owned financial entities globally, including the Central Bank of Lesotho, the Development Bank of Southern Africa, the National Bank of Pakistan, and the central banks of Russia and Bangladesh in recent years. The National Bank of Angola’s public assurances focused exclusively on technical containment and systemic continuity, without disclosing specific attacker methodologies, data compromise details, or forensic findings.