Transnet

Transnet is a state-owned enterpriseheadquartered in South Africa that operates core logistics infrastructure across the country. Its primary activities include the management of container terminals at the ports of Durban and Cape Town, the operation of freight rail networks, and the oversight of pipeline systems for the transport of liquids and gases. These services support both domestic industry and international trade by facilitating the movement of bulk commodities, manufactured goods, and auto parts. The organisation’s mandate covers the provision of reliable port, rail, and pipeline linkages that connect producers with export markets and distribution centres.

In July 2021, Transnet experienced a cyber intrusion that disrupted its container terminal operations at Durban and Cape Town, causing website outages and halting cargo movement while its freight rail, pipeline, and other divisions continued to function. The attack delayed the processing of containers and auto parts, creating potential backlogs, although commodity exports were largely unaffected due to separate handling arrangements. Authorities treated the incident as unrelated to prior unrest‑related service interruptions. This event highlighted the vulnerability of the port‑focused segment of Transnet’s IT environment to external threats.

Earlier, in December 2017, unauthorized Monero cryptocurrency mining software was discovered on Transnet’s computer systems, having been automatically downloaded from the web before being removed. The episode prompted the company to introduce preventive controls to block similar illicit mining attempts and raised concerns about the impact of resource misuse on processing capacity. A company executive warned that such exploitation of corporate hardware could impair operational productivity, and cybersecurity experts warned of increasing covert mining targeting organisations globally. In February 2022, hacktivists associated with the Anonymous collective leaked approximately 79 gigabytes of internal emails and documents from a Russian state‑controlled oil pipeline entity, a breach that was recorded in Transnet’s known‑incident overview. The leaked material included discussions of international sanctions, invoices, and shipment records, and the attackers cited retaliation for Russia’s military actions in Ukraine as their motive. The incident was noted as an illustration of how hacktivist campaigns can intersect with corporate vulnerabilities during periods of geopolitical tension.