This roundup delivers a curated snapshot of notable cyber incidents across Africa that may not have dominated headlines, yet are crucial to understanding the continent’s evolving threat landscape.
We compile these significant developments—spanning ransomware campaigns, server compromises, and data leaks—to provide a clear and timely picture of the risks facing public and private sector organisations alike.
By highlighting these incidents, we aim to equip readers, stakeholders, and decision-makers with the awareness needed to strengthen defenses, enhance preparedness, and foster a more secure digital environment across Africa.
Cyber Attacks Reported this Week
1.Devman Group Claims Ransomware Attack on Egyptian Electricity Holding Company
The Egyptian Electricity Holding Company (eegc.gov.eg) was confirmed as the victim of the Devman 2.0 ransomware attack. On July 13, 2025, the group hinted at a victim (e*.gov.eg) without naming it. By July 15, they identified the company and claimed to have stolen over 58 GB of data.
Source: Falconfeeds
2. CIBN Server Access Advertised for Sale by Threat Actor “Golia”
On July 15, 2025, a cybercriminal using the alias “Golia” listed RDP access for sale to servers allegedly belonging to the Chartered Institute of Bankers of Nigeria (CIBN). The listing offered full administrator access on a Windows Server 2019 hosting portal.cibn.org and its subdomains. The server, hosted in France, reportedly contains sensitive financial and personal data. Asking price was $330, negotiable.
Source: DarkwebInformer
3.Ransomware Attack Disrupts Operations at Otjiwarongo Municipality in Namibia
Otjiwarongo Municipality was reportedly targeted in a ransomware attack disclosed on July 15, 2025. A leak page features internal administrative data, suggesting operational compromise. No personally identifiable data has been confirmed, though a claim URL indicates the matter is under investigation.
Source: RedPacket Security
4.Mafate Business Enterprise in South Africa Hit by “d4rk4rmy” Ransomware Group
Mafate Business Enterprise, a South African mining supply company, was reportedly attacked by the ransomware group “d4rk4rmy.” The incident is believed to have affected the company’s operations.
Source: Hendryadrian
5. Adrian Kenya Targeted in Ransomware Attack Attributed to “Lynx” Group
Adrian Kenya, a telecommunications and infrastructure provider, was reportedly hit by a ransomware attack linked to the “Lynx” group. Evidence surfaced on July 15, 2025, showing internal company records, including invoices and operational data. The attackers listed the company’s income at 54,400,000 USD, with the leak viewed 19 times. No client data has been confirmed exposed.
Source: RedPacket Security
About Author
