South Africa Actively Targeted by Nullsec Nigeria

What Happened

On May 15, 2026, a member of the Nigerian hacktivist group Nullsec Nigeria published a post claiming they had successfully compromised a South African government entity. The group named the operation OpSouthAfrica and stated their motive directly:

"Due to the xenophobic attack that the South African has made killing innocent Nigerians and the government didn't say anything (the government of South Africa)"

Alongside this statement, Nullsec Nigeria claimed that additional attacks were ongoing and named the following organisations as victims:

• SARS — South African Revenue Service
• SITA — State Information Technology Agency
• ProWellness

SITA subsequently released a public statement confirming that their internal investigations found no evidence of compromise to their systems.

What to Look Out For

Even where a direct breach is unconfirmed, the exposure of email addresses and passwords creates real risk for the individuals whose credentials appeared in the data. If your details were included, you should be alert to:

• Phishing emails that appear to come from SARS, SITA, or affiliated government services
• Suspicious or unrecognised login activity on online platforms linked to your affected email address
• Attempts to access other accounts using the same password, known as credential stuffing

How to Protect Yourself

If your account appeared in the leaked data, take the following steps immediately:

• Reset your password on the affected platform and use a strong, unique password you have not used elsewhere
• If the same password was reused on any other accounts, reset those immediately as well
• Enable Multi-Factor Authentication (MFA) on all accounts where it is available, this prevents attackers from accessing your account even if they have your password
• Monitor your inbox for unusual messages and report any suspicious communications to the relevant organisation