NAM-CSIRT PROVIDES UPDATE ON PARATUS CYBER INCIDENT AND URGES STRENGTHENED SECURITY MEASURES
The Communications Regulatory Authority of Namibia (CRAN), which houses the Namibia Cyber Security Incident Response Team (NAM-CSIRT), acknowledged a significant cyber incident reported on 19 February 2025, involving Paratus Namibia Holdings Ltd. This incident was classified as a Level three (3) event, indicating a serious impact on the telecommunications sector and potential reputational damage at a national level.
The breach was identified following a report from Paratus, which revealed that a compromised internal user account led to disruptions in its 083 voice services and certain cloud-hosted environments. The breach was contained by Paratus Telecommunications (Pty) Ltd Namibia, and immediate action was taken to mitigate the impact, including isolating affected systems and engaging technical teams for investigation and recovery.
As was shared following the incident NAM-CSIRT initiated a thorough investigation into the incident, combining information provided by Paratus and independent threat intelligence sources and analysis. Notably, the Akira ransomware group was implicated in this attack, claiming to possess over 84GB of sensitive corporate data. However, as of now, no evidence has emerged to confirm the release of any data.
“Cybersecurity incidents of this nature pose significant challenges not only to the affected organisations, but also to our national infrastructure. We are working closely with Paratus to ensure that all necessary measures are taken to address this breach and safeguard the data of Namibian citizens,” stated Mr. Mufaro Nesongano, Executive: Communication & Consumer Relations at CRAN.
The breach originated from a legitimate internal account, a tactic employed by the Akira ransomware group, which exploits vulnerabilities in systems lacking multifactor authentication (MFA). Paratus activated its incident response procedures, disabled Virtual Private Network (VPN) access, and engaged international cybersecurity experts to enhance their response efforts. Preliminary assessments suggested that the affected services primarily include the 083 voice systems and certain operational records.
“In light of this incident, NAM-CSIRT urges all organisations to prioritise their cybersecurity measures by implement multifactor authentications for all accounts, regularly update and patch systems to protect against known vulnerabilities, conduct routine audits of user accounts and access controls, and maintain offline backups and invest in advanced cybersecurity solutions such as Extended Detection and Response (XDR, )Security Information and Event Management (SIEM), SOC functions to expedite the monitoring of anomalies and security alerts” added Mr. Nesongano.
NAM-CSIRT remains committed to transparency. Stakeholders are encouraged to report any cybersecurity incidents promptly, enabling timely responses and effective incident management. While Namibia is in the process of finalising its Cybercrime and Data Protection Law, CRAN and NAM-CSIRT remain dedicated to ensuring compliance with international best practices and will continue to support organisations in enhancing their cybersecurity resilience.
“NAM-CSIRT is dedicated to enhancing cybersecurity resilience across the nation. Our mission is to respond to and mitigate the impact of cybersecurity incidents while fostering collaboration among stakeholders,” concluded Mr. Nesongano.
The post NAM-CSIRT PROVIDES UPDATE ON PARATUS CYBER INCIDENT AND URGES STRENGTHENED SECURITY MEASURES first appeared on Future Media News.
The post NAM-CSIRT PROVIDES UPDATE ON PARATUS CYBER INCIDENT AND URGES STRENGTHENED SECURITY MEASURES appeared first on Future Media News.