Cyber Incident Victim: Central Bank of Lesotho
Date: Dec 2023
Location: Lesotho
Summary
The Central Bank of Lesotho experienced a cybersecurity incident impacting its systems, prompting an immediate investigation and around-the-clock efforts to restore operations. While no financial losses occurred, the institution suspended certain systems to prevent further infiltration, resulting in potential payment processing delays during recovery. Public assurances were issued regarding the stability of financial holdings, with ongoing work to normalize services.
Description
On December 11, 2023, the Central Bank of Lesotho (Banka e Kholo ea Lesotho) publicly disclosed a cybersecurity incident affecting its systems. The bank initiated an immediate investigation into the breach upon detection and implemented continuous restoration efforts to recover compromised infrastructure. While the institution confirmed no financial losses occurred, it suspended portions of its operational systems as a containment measure to prevent further unauthorized access. This precautionary action resulted in disruptions to payment processing services, potentially causing delays for customers and stakeholders. The bank emphasized its commitment to resolving the incident through round-the-clock remediation work aimed at restoring normal operations. Public communications stressed the stability of the financial system despite the attack, seeking to maintain confidence in the institution’s overall security posture.

The incident prompted the bank to prioritize system integrity assessments and recovery protocols while maintaining limited functionality for critical services. Operational impacts centered on delayed payment transactions due to the deliberate suspension of affected systems, though the bank did not specify the duration of expected delays or the exact scope of compromised infrastructure. No details regarding the attack vector, threat actor identity, or data exfiltration were disclosed in the public statement. Restoration efforts focused on returning systems to standard operational status, with the bank directing public inquiries to a designated contact number for updates. The announcement concluded with reassurances regarding the ongoing containment measures and the absence of financial harm, framing the incident as a temporary disruption rather than a systemic failure.
