by Giuseppe Gagliano What the latest Kaspersky report on South Africa says
Kaspersky researchers released details of its latest threat intelligence reports on South Africa, including a cybersecurity company's analysis of APT groups in the country - major threat actors chasing sensitive information and finances. The company's telemetry showed that throughout 2021 entities in South Africa faced attacks from the North Korean Lazarus group and the Chinese-speaking group CloudComputating. Advanced Persistent Threats (APTs) are typically, according to Kaspersky, a nation-state or state-sponsored group of extremely stealthy high-level threat actors. In the vast majority of cases, they attack strategically important organizations with a target of cyber espionage and, in rarer cases, financial gain, as the cost of their cyber attacks is usually too high to turn it into financial profit. The Lazarus Group has been one of the most active threat actors in the world since at least 2009, known for their finance hunt and their particular interest in cryptocurrencies. In 2021, Kaspersky took over its business in South Africa. In 2021, the company pointed out that cryptocurrency-related cybercrime has exploded at all levels with the rise of bitcoin, especially in South Africa. In fact, cryptocurrencies present enormous interesting opportunities for a more inclusive accessibility of financial services, and in particular for the "non-banking" population. On the other hand, however, this potential is equally attractive to cybercriminals and threat actors. The Lazarus group does money laundering in cryptocurrencies, and therefore it is likely that African countries could be the object of their interest. CloudComputating, a Chinese-speaking group, is another threat actor, detected in the region for the first time, that has focused on cyber espionage attacks by government and diplomatic entities. Their presence is probably the result of the increase in economic activity in the region and trade along the Maritime Silk Road.