South Africa’s National Treasury has confirmed a malware intrusion on its Infrastructure Reporting Model (IRM) website, the government’s central system for tracking infrastructure projects.
The attack, discovered on Tuesday, prompted immediate action to isolate the compromised servers and assess the extent of the damage.
The IRM platform is a critical government tool used nationwide to monitor and track infrastructure projects.
The department announced the breach in a statement on Wednesday, noting it is working with Microsoft to investigate potential vulnerabilities.
This move comes amid global concerns following recent cyberattacks targeting Microsoft platforms in the United States.
IRM website compromised amid global Microsoft security breach
The IRM platform is a key online tool for monitoring infrastructure development nationwide. National Treasury acted swiftly by isolating the affected servers to prevent further spread and to protect the integrity of its broader Information and Communication Technology (ICT) systems.
“Considering recent media reports since Sunday regarding security incidents affecting Microsoft platforms in the United States, National Treasury has requested Microsoft’s assistance,” the department said.
The attack coincides with a wave of international cyber-espionage campaigns exploiting vulnerabilities in Microsoft server software—raising concerns about the ripple effect on public systems globally, including in South Africa.
Despite the breach, Treasury assured the public that all other systems and websites function normally. No service disruptions have been reported so far.
Cybersecurity measures in place as threat landscape grows
National Treasury’s ICT team is central in defending government digital assets from cyber threats. On average, the department processes over 200,000 emails daily and manages over 400,000 user connections to its platforms.
Its cybersecurity systems detect and block around 5,800 threats, including phishing emails, malware attacks, and spam, every day, highlighting the persistent attempts to compromise government data.
“The department remains committed to safeguarding its digital environment through proactive threat detection and response protocols,” Treasury said.
These preventative measures are increasingly critical as cyberattacks on state institutions continue to rise globally.
The incident is a stark reminder of how even secure platforms can be vulnerable, especially when widely used software like Microsoft’s is under attack.
Microsoft collaboration signals ongoing digital risk management
By bringing Microsoft on board, the National Treasury is taking steps to patch potential weaknesses in its systems and strengthen defences against future threats.
This partnership is particularly relevant given that Microsoft’s infrastructure has been at the centre of recent high-profile breaches.
While investigations are still underway, the department’s rapid containment of the threat and transparency around the incident are encouraging signs of a maturing public-sector cybersecurity strategy.
As digital transformation accelerates across South Africa, the need for robust cyber resilience has never been clearer.
The malware incident on the IRM website underscores the vulnerability of critical systems and highlights the urgency of continuous vigilance, collaboration, and investment in national cybersecurity infrastructure.
