An alleged breach of SANDF computer systems by hacking group SNATCH appears to be authentic, according to a Daily Maverick investigation with cybersecurity researchers.

The cyberattack group claimed to have penetrated SANDF systems on 21 August, before publishing on its Telegram channel the personal contact details of high-ranking political and SANDF officials, including those of President Cyril Ramaphosa.

The group claims to have stolen some 200TB of data, and has uploaded 1.6TB to date.

In the wake of SNATCH’s claims, the SANDF initially responded with a firm denial that its systems or data had been compromised. However, subsequent developments appear to have forced it to acknowledge, albeit reluctantly, that there may be an issue.

‘It can be confirmed that the system of the Department of Defence has not been hacked,’ the SANDF said on 2 September.

‘This is the work of criminal syndicates within the cyberspace, aided through information leaked from the department.’

An investigation by Daily Maverick in collaboration with cybersecurity analysts allowed a glimpse into the leaked data, which seemed to contradict the SANDF’s statement that the information had merely been ‘leaked’.

The findings overwhelmingly point to the data’s authenticity: the sheer scale of the data available suggests a wide-ranging scrape of multiple personal computers and servers linked to the SANDF, rather than a single person distributing the data.

The exposed documents encompass a wide spectrum, including complete email archives of high-ranking Defence Force members, intricate payroll documentation, ongoing litigation records against the SANDF, sensitive procurement orders and memoranda of strategic importance exchanged between SA and other nations.

Among the trove of data that cybersecurity researchers in contact with Daily Maverick have had sight of are classified documents never meant for public consumption.

These include the Defence Force’s comprehensive record of police cases opened against SANDF members during the Covid-19 lockdown enforcement, as well as an in-depth geopolitical analysis of Mozambique, seemingly prepared in anticipation of SANDF deployment in support of the Southern African Development Community Mission in Mozambique.

Also startling are the many files in the leaked data that are classified according to the Minimum Information Security Standards.

The data encompasses documents marked as Secret, Confidential, and Restricted, clearly intended for internal use within the SANDF only.

These include meeting minutes between high-level officials, as well as unit orders and logs detailing the loss of armaments and ammunition.

Full Daily Maverick report