Transnet hacked: IT incident at South African freight giant hits operations

Port traffic being monitored manually, as trucks queue.

Updated 11:43, July 28, 2021

South African ports and freight giant Transnet has acknowledged it is facing a major IT incident that has forced the shutdown of container terminals, after its centralised container management system NAVIS was knocked offline. The incident has all the hallmarks of a ransomware attack, although the company has yet to confirm as much. Transnet's websites were also all down as The Stack published.

Trucks were reported queuing at Durban port, one of the country's primary trade arteries, after the incident. Transnet runs port infrastructure and marine services at South Africa's eight major commercial seaports. It is also one of the world's largest publicly owned heavy rail freight operators and runs a major oil and gas pipeline network across the country. Transnet confirmed it had halted operations at container terminals.

Transnet hacked, sources tell Reuters

"Transnet is currently experiencing a disruption in some of its IT applications, and the source of this problem is being identified", the company said in a statement shared on Twitter at 11:32 BST.

It added: "All business continuity plans have been activated. Operations across the group are continuing, with the freight rail, pipelines, engineering, and property divisions reporting normal activity.

"Port terminals are operational across the system, with the exception of container terminals, as the NAVIS system on the trucking side has been affected."

("Navis is aware of the situation at Transnet and is in close contact with the Transnet team as they work to identify and isolate the cause of the disruption and restore operations. While the source of the disruption is not related to Navis, as a precautionary measure Transnet shut down all systems, including the servers running the N4 terminal application," software company Navis said.)

Blaming "inclement weather conditions" for the halt of terminal operations on the country's Eastern Cape, meanwhile, Transnet said "the ports authority continues to operate and vessels moving in and out of the port are being recorded manually." Reuters cited three sources as confirming a cyberattack.

The incident caps a torrid few weeks for the company, which was forced to declare force majeure on July 12 -- suspending terminal operations in both the ports of Durban and Richards Bay -- amid violent protests in the wake of the imprisoning of former president Jacob Zuma.

Transnet says it has made "significant progress" in restoring IT systems, with most applications running again by Monday 26, and expects to lift force majeure soon. Arguably unusually in 2021, the company has declined to reveal any details about the nature of the incident whatsoever. The company switched to manual operations for much of its infrastructure after the incident.
