Cyber Incident Victim: Transneft
Date:
Jul 2021
Location:
South Africa
Summary
A cyber attack disrupted container operations at major South African ports, including Durban and Cape Town, causing halted cargo movements and website outages. The state-owned port and rail operator confirmed IT application disruptions but did not publicly attribute the cause, though internal sources identified a cyber incident. While commodities shipments remained largely unaffected due to separate port operations, delays impacted containers and auto parts, creating logistical backlogs. The disruption occurred amid unrelated prior service interruptions from civil unrest. Freight rail, pipelines, and other divisions operated normally despite the attack's effect on container terminals, which handle critical exports like minerals from neighboring countries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 22, 2021, a cyber attack disrupted container terminal operations at South Africa's state-owned Transnet, affecting critical ports including Cape Town and Durban. The attack occurred early that Thursday, compromising port operating systems and forcing a complete halt to cargo movements until restoration. Transnet's official website became inaccessible, displaying error messages, while internal IT applications experienced widespread disruptions. The company acknowledged the technical issues and initiated efforts to identify the root cause but declined to publicly confirm the cyber attack as the source. The Cape Town Harbour Carriers Association notified members via email that port systems had been compromised, explicitly attributing the shutdown to a cyber incident. Durban, sub-Saharan Africa's busiest shipping terminal, faced parallel disruptions according to three unnamed sources with direct operational knowledge. Transnet clarified that while container terminals were incapacitated, its freight rail networks, pipelines, engineering divisions, and property operations continued normal activities.
The incident caused immediate delays in container processing and auto parts shipments, though bulk commodity exports like minerals were largely unaffected due to segregated port zones. Industry sources warned the disruption would generate significant logistical backlogs requiring extended recovery time. This cyber attack followed unrelated physical disruptions to Transnet’s rail and port infrastructure from civil unrest during the preceding week, though authorities treated the events as separate. A government official stated an investigation was underway to confirm the attack’s nature, with findings to be disclosed upon completion. The disruption impacted regional supply chains beyond South Africa, as Durban serves as a primary export hub for copper and cobalt mined in the Democratic Republic of Congo and Zambia by major firms including Glencore and Barrick Gold. Transnet maintained operational continuity in its mineral transport rail lines during the incident, preventing broader commodity export interruptions.