National Treasury has confirmed the detection of malware on its Infrastructure Reporting Model (IRM) website, potentially linked to the recent global cyberattacks exploiting vulnerabilities in Microsoft SharePoint software.
In a statement released on Wednesday, 23 July, the treasury said the malware was identified on Tuesday afternoon within the IRM system, which is used for online infrastructure reporting and monitoring. The department promptly isolated the affected servers to assess the extent of the infiltration and mitigate any potential damage.
“Considering recent media reports since Sunday regarding security incidents affecting Microsoft platforms in the US, National Treasury has requested Microsoft’s assistance in identifying and addressing any potential vulnerabilities within its information and communication technology environment,” the statement read.
Despite the detection, the treasury emphasised that its wider IT systems and websites continue to operate normally, with no disruptions reported. National Treasury processes over 200,000 emails and manages more than 400,000 user connections daily, maintaining a high level of cybersecurity vigilance.
The malware discovery comes amid a wave of global cyberattacks targeting Microsoft SharePoint server software. Last weekend, Microsoft issued an emergency alert about “active attacks” exploiting a zero-day vulnerability, urging organisations to immediately apply security updates.
By Tuesday, security firms had confirmed that at least 100 servers across 60 organisations were compromised worldwide, including targets in South Africa. These breaches affected various sectors, including government agencies, energy, consulting, and universities.
