Attackers declaring themselves to be the hacking group N4ughtySec, who previously targeted South Africa’s credit bureaus, say they have stolen over R175 million from the South African Social Security Agency (Sassa).
The group said they extracted the funds by creating over 100,000 new bank accounts, which they achieved by breaching credit bureau XDS, as well as further exploiting TransUnion and Experian.
“As promised, the N4aughtysecGroup has attacked government departments, the latest being Sassa,” they said.
“We have been hard at work rolling out our promises,” N4ughtySec continued.
“We have entered the systems of the credit bureaus. We successfully hacked and used the compromised data sets and backend systems to attack the South African government and local organizations.”
Although the group told MyBroadband that breaching XDS was a major component of its latest attack, it still took aim at TransUnion.
“We did warn TransUnion that failure to pay our ransom would result in ultimate destruction. We are deeply infiltrated into the governments and bank systems,” they said.
“We are releasing all the data of Sassa in the next 48 hours.”
A group calling themselves N4ughtySecTU first attacked TransUnion in March 2022, exfiltrating the data of 5 million consumers and exposing the ID numbers of a further 5.2 million people.
N4ughtySecTU demanded $15-million (R224 million at the time) in cryptocurrency to return the data.
TransUnion refused to pay, explaining that it would set a bad precedent and that there was no guarantee N4ughtySecTU wouldn’t post the data anyway.
The group released the data they had stolen online and disappeared.
N4aughtySecGroup emerged in 2023 demanding a $30-million (R530 million) ransom each from TransUnion and Experian or face having all their client data leaked.
The group said they never left South Africa and had retained constant access to TransUnion and Experian’s systems.
This same group is now back with an explosive claim — that they have exploited vulnerabilities in Sassa that have previously been reported and extracted money via the South African banking system.
“We cracked the Sassa systems using data and backend access from our hacks into Transunion, Experian, and XDS,” they said.
“We have infiltrated the banks and opened over 100,000 accounts and continue to do so.”
N4ughtySec expressed respect for the recent work by two Stellenbosch University computer science students, Joel Cedras and Veer Gosai, in uncovering massive fraud in Sassa’s systems.
“They are true heroes. They stand for what we fight for,” a N4ughtySec spokesperson told MyBroadband.
