A wave of anti-immigrant protests and attacks across South Africa has allegedly triggered a coordinated cyber retaliation campaign under the banner #OpSouthAfrica, with hacktivists claiming to have breached several national key point institutions.
The claimed cyber attacks, reportedly carried out by a Nigeria-based group calling itself “Nullsec,” have targeted the South African Civil Aviation Authority, SASSA (the country’s social grant network), and the Department of Correctional Services, according to cybersecurity experts.
Loyiso Boyce, cybersecurity expert and CEO at Claro, said the activity represents a continuation of long-standing hacktivist traditions rather than an entirely new phenomenon. He compared the structure to that of the global hacker collective Anonymous, describing it as a “mother body” with local subsidiaries that emerge based on geographic or political issues.
“Most cyber threats, whether through activism regardless of where you are globally, happen through identity compromise,” Boyce explained. “Somebody gets my genuine details and logs in with my details. Sometimes it’s just weak credentials — could be as simple as passwords not up to date.”
Boyce warned that South Africa faces fundamental structural vulnerabilities, noting that the country lacks sufficient cybersecurity personnel across municipalities and government departments. He pointed to a deeper concern about digital sovereignty, observing that much of the nation’s hardware, software, and even monitoring tools are not domestically produced.
“If the tools we are trying to monitor are not South African, and the auditing tools and monitoring tools we’re using are also not South African, and the hardware you are using to monitor is not South African — I’m not sure how much control we have as a country over our digital sovereignty,” Boyce said.
The expert emphasized the need for a layered security approach resembling an onion, including employee training, strong passwords, firewalls, application security, and AI-based network monitoring that establishes normal behavioral baselines to flag suspicious activity.
Boyce also noted that nation states sometimes become involved in such serious attacks, and that what was considered a complex attack 12 to 24 months ago can now be executed with ease due to the rise of AI and paid hacking services.
South Africa has experienced cyber breaches for an extended period, Boyce said, adding that while he does not discount the current claims, “we’ve been here before.”

