The hackers replaced government websites with notices the sites had been “Attacked by Yemeni Hackers” along with a photo of a man with a machine gun and a headscarf. Image: Giovana Fleck/Global Voices
Mozambique was surprised [1] by the news that various government portals had been tampered with by a group of computer hackers on February 21, 2022. The main pages for numerous government websites [2] had been replaced with notices saying the pages were “attacked by Yemeni hackers,” paired with an image of a man with a machine gun and a headscarf. Officials have not yet identified the perpetrators or determined their motivation for the attack.
Website do SENAMI entre outros do Governo hackeados. Vai doer. pic.twitter.com/ortNXcC36n [3]
— Ernânio Mandlate (@ernanio) February 21, 2022 [4]
SENAMI website among others hacked by the Government. It will hurt.
According to the news portal A Carta [5], the entire web apparatus of the Mozambican government is managed (and hosted) by the National Institute of Information and Communication Technologies of Mozambique (INTIC [6]), the body responsible for regulating, supervising, and inspecting the Information Technology and Communication (ICT) sector.
While the attack temporarily suspended all operations on the sites, the Director-General of the National Institute of Electronic Government (INAGE), Hermínio Jasse, said [7] that all the portals were operational again the same day.
O Director-Geral do Instituto Nacional do Governo Electrónico (INAGE), Ermínio Jasse, disse hoje em conferência de imprensa que os portais do Governo que foram alvo de ataques de “hackers” já se encontram operacionais. Na ocasião, o Director explicou que não houve perda de informação e que todo o conteúdo dos portais é de consumo público.
The Director-General of the National Institute of Electronic Government (INAGE), Ermínio Jasse, said today at a press conference that the Government portals that were the target of hacker attacks are operational again. On the occasion, the Director explained that there was no loss of information and that all the content of the portals is for public consumption.
According to the Director-General of INAGE, the main concern [8] after detecting the problem was to make a “quick diagnosis” of the damage. The investigation revealed the site content remained intact, though in the hacker’s announcement, they said that data had been extracted and would be sold at a low price. So far, there is no evidence to support this claim, and little or nothing is known about the actual leakage of such data.
However, the solution [7] lasted only for 24 hours. On the morning of the next day, February 22, the same websites became inoperable again — this time, the hackers posted a ransom request in exchange for the government site data. It is not yet known whether they will be recovered again and what measures will be taken to prevent future attacks.
On the subject, the director of the National Company of Science and Technology Parks (ENPCT), Julião Cumbane, said [9] that this problem stems from the lack of preparation of Mozambican institutions in the security of their data.
GOVERNO de Moçambique sob ATAQUE CIBERNÉTICO?!?!… Nós andamos insistentemente dizendo às instituições e empresas (públicas e privadas) que DEVEM ter CÓPIAS de SEGURANÇA dos seus DADOS e SISTEMAS INFORMÁTICOS em lugar seguro e somos IGNORADOS por quem nos deviam ouvir. E agora?
The GOVERNMENT of Mozambique under CYBER ATTACK?!?!… We are insistently telling institutions and companies (public and private) that they MUST have BACKUP COPIES of their DATA and COMPUTER SYSTEMS in a safe place and we are IGNORED by those who should listen to us. And now?
ATENÇÃO AOS E-MAILS COM LINKS MALICIOSOSA CTA vem através deste comunicar que o seu domínio de e-mail foi clonado e estão a ser enviados e-mails com links maliciosos. Por favor, não clicar nesses links enquanto decorre um trabalho interno de limpeza. Logo que estiver concluído iremos informar. Obrigado pela compreensão.
ATTENTION TO E-MAILS WITH MALICIOUS LINKS
The CTA comes through this to communicate that your email domain has been cloned and emails with malicious links are being sent. Please do not click on these links while internal cleanup work is in progress. As soon as it's finished, we'll let you know. Thank you for understanding.