Central Bank of Lesotho facing outages after cyberattack

The central bank of southern African country Lesotho is facing severe outages due to a cyberattack that was discovered earlier this week.

The bank released multiple statements confirming that a recent incident affected several systems. The landlocked mountainous country is encircled by South Africa and has a population of more than 2 million.

“The Central Bank of Lesotho advises the public that, on Monday 11th December 2023, it experienced a cybersecurity incident on its systems. The Bank has investigated the matter and is working around the clock to restore the systems,” the bank said on Tuesday.

“The Bank wishes to assure the public that it has not suffered any financial or other loss. However, the Bank has suspended some of its systems to prevent further infiltration from the attackers. Consequently, some payments may be delayed while the Bank works on getting the systems back to normalcy.”

The institution released another statement on Wednesday alongside the Bankers Association of Lesotho notifying that the ongoing downtime of the National Payments System “has made it impossible for all local banks to honor inter-bank transactions in the country.”

Technical teams are working to resolve the issue, the bankers association and the central bank said, but officials have “agreed to institute business continuity processes and measures as alternative ways to facilitate payments and transactions between all banks.” The statement did not specify what those alternatives were.

Local news outlets reported that because the country’s currency — the Loti — is pegged to South Africa’s rand, there were concerns that the incident might affect the exchange rate.

South Africa has been at the center of two headline-grabbing cybersecurity incidents this year. In June, the state-owned Development Bank of Southern Africa confirmed that it was hit by ransomware.

The country’s Defense Department was attacked by another ransomware gang in September and it nearly caused an international incident because it took place during an already controversial BRICS Summit in Johannesburg.

The gang leaked the personal phone number and email of the country’s president alongside a portion of the 1.6 terabytes of data stolen from the country’s defense systems. The government initially denied the attack before admitting that a breach did occur.

A report from cybersecurity company Zimperium this week said 29 malware families were used to target 1,800 banking applications across 61 countries in the last year. For comparison, the researchers saw 10 prolific malware families in 2022 target 600 banking apps.