Team CryptoInsightfull 
A cyberattack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies.
The website for SAWS has been down since Sunday evening, according to a statement posted to social media. SAWS has had to use Facebook, X and other sites to share daily information on thunderstorms, wildfires and other weather events.
SAWS said its Information and Communication Technology (ICT) systems went down “following a security breach by criminal elements.”
“Aspects of critical services including aviation and marine have been interrupted. In addition, the SAWS’ email system and website, which is the hub of critical weather information, have been affected,” the organization said.
“However, alternative ways of disseminating important information such as the weather forecasts have been put in place. The SAWS’ ICT service providers have been on site since the attack not only to investigate the breach, but also to explore both interim and long-term ways of restoring the collapsed systems and eventually services.”
SAWS urged citizens to monitor social media and said it is in the process of reporting the incident to law enforcement.
The organization noted that the cyberattack was “the second in the space of two days after the initial attempt on the evening of Saturday, January 25, 2025 failed.”
SAWS is also critical regionally, providing weather-related information to allied nations nearby like Mozambique, Zambia and others.
The SAWS website was still down as of Wednesday afternoon. SAWS CEO Ishaam Abader will be speaking about the cyberattack on Thursday morning.
No ransomware gang has taken credit for the attack. Despite having strong ties to Russia — where many ransomware gangs are based — South Africa continues to face a barrage of attacks that have damaged public institutions.
During an outbreak of mpox last summer, the country’s national lab service was paralyzed for weeks following a ransomware attack that limited access to test results and more. South Africa’s government workers pension organization was also hit with ransomware last year.
The country’s Defense Department was attacked by a ransomware gang in September 2023 and it nearly caused an international incident because it took place during an already controversial BRICS Summit in Johannesburg.
The gang leaked the personal phone number and email of the country’s president alongside a portion of the 1.6 terabytes of data stolen from the country’s defense systems. The government initially denied the attack before admitting that a breach did occur.
The state-owned Development Bank of Southern Africa was hit by ransomware in 2023 as well.
Recorded Future
Intelligence Cloud.
