The Namibia Cyber Security Incident Response Team (NAM-CSIRT) says it is supporting Telecom Namibia in addressing a recent cyber attack on its infrastructure while reinforcing efforts to strengthen Namibia’s national cybersecurity capacity.
This comes after Telecom Namibia fell victim to a ransomware attack orchestrated by a group known as Hunters International. The attackers exfiltrated an estimated 626.3GB of data, comprising 492,633 files containing hundreds of sensitive customer records, including IDs, addresses, and banking details according to IT risk expert, Thomas Hamata, which were leaked after the telco failed to meet a set ransom deadline.
NAM-CSIRT, established by the government, has a mandate that includes managing cyber events and contributing to the security and stability of Critical Infrastructure (CI) and Critical Information Infrastructure (CII). Currently housed at the Communications Regulatory Authority of Namibia (CRAN), it serves as Namibia’s national focal point for coordinating cybersecurity incidents.
“The Communications Regulatory Authority of Namibia (CRAN) acknowledges reports of a data exfiltration attack on one of Namibia’s telecommunication operators. Through the Namibia Cyber Security Incident Response Team (NAM-CSIRT), CRAN promptly responded upon identifying the attack and continues to support the affected operator in mitigating its impact,” the telecommunications sector regulator said on Sunday.
In fulfilling its mandate, NAM-CSIRT, according to CRAN, has directly engaged Telecom Namibia, shared its findings, and facilitated discussions regarding the incident.
“This process encompasses key phases: preparation, identification, containment, eradication, recovery, and lessons learned. NAM-CSIRT remains committed to supporting the operator in addressing the breach and strengthening national cybersecurity capacity,” CRAN said.
CRAN CEO and NAM-CSIRT Head Emilia Nghikembua emphasized the critical importance of protecting Namibia’s Critical Infrastructure (CI), Critical Information Infrastructure (CII), and consumer data.
“NAM-CSIRT has been working diligently with Telecom Namibia to ensure all necessary measures are taken to contain and address the breach. This attack serves as a stark reminder of the evolving cyber threats facing our nation and the need for vigilance and collaboration,” Nghikembua said.
Although Namibia does not yet have dedicated Cybercrime and Data Protection legislation, CRAN ensures compliance with international best practices. NAM-CSIRT continues to urge operators and owners of CI and CII to adopt globally recognized cybersecurity standards such as encryption, regular security assessments, and proactive risk management strategies.
“Protecting our national critical infrastructure requires collective action, strategic planning, and a commitment to global standards. Stakeholders must invest in proactive cybersecurity measures and swiftly report any incidents to NAM-CSIRT to ensure timely and effective intervention,” Nghikembua stressed.
To mitigate future risks, NAM-CSIRT recommends implementing multifactor authentication, timely software updates, regular vulnerability scans, and robust network segmentation.
“Securing access controls and deploying advanced detection and response tools are also essential for early threat identification. This incident highlights the increasing cyber risks confronting CI and CII and the need for coordinated efforts to safeguard national assets. CRAN, through 3 NAM-CSIRT, remains dedicated to responding to cybersecurity incidents and assisting stakeholders in mitigating their impact.”
