Cyberattack disrupts the operations of Transnet, a major railway and pipeline company

After multiple reports and rumors, Transnet Port Terminals (TPT) confirmed a cyberattack that affected its entire it infrastructure. As some will recall, Transnet Group is the operator of state ports in South Africa, operating as a state monopoly.

The company is trying to minimize the incident and downplay it, describing it as a simple outage incident on some systems. However, a letter to the company’s customers describes this attack as “a cyberattack for the purposes of intrusion and sabotage.”

In this regard, the state-owned company issued an emergency declaration entitled “Declaration of force majeure for Transnet port terminals container terminals at the ports of Durban, Ngqura, Port Elizabeth and Cape Town: confidential notice to customers”. This alert was signed by TPT’s chief executive, Velile Dube.

A leaked copy of this document appears to confirm that the company has suffered a severe blow to its operations, as TPT is the main division of Transnet Group. TPT operates the container delivery facilities in Durban, the largest container port on the African continent, as well as the container terminals in Cape Town and the ports of Ngqura and Port Elizabeth in the Eastern Cape.

On Monday morning it was confirmed that Transnet was fulfilling its sixth day of interruptions. Apparently, it’s it system managers at the company were trying to keep operations online manually, though eventually these efforts became unsustainable.

This morning, a Representative of Transnet released a new statement mentioning that the company has made significant progress in restoring the affected systems: “Some applications are expected to continue to present some flaws in the coming days. All affected systems will be recovered in a phased manner to minimize potential failures or further outages.”

So far it is unknown what kind of cybersecurity incident was detected on Transnet. It was initially thought that this could be linked to a ransomware attack, although there is no known evidence to confirm or deny this hypothesis.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.