South Africa’s internet infrastructure has been hit by a massive distributed denial-of-service (DDoS) attack, disrupting web hosting, e-mail and customer management services across some of the country’s largest network and hosting providers.
The attacks happened between Monday and Tuesday, with Xneelo, one of the country’s largest hosting providers, confirming on Tuesday that its network infrastructure had come under a large-scale cyberattack. At the time of filing this report, the company said it was still investigating the incident and working to mitigate disruptions affecting its control panel, KonsoleH management system, web hosting and e-mail hosting services.
A distributed denial-of-service (DDoS) attack is a form of cyberattack where attackers flood servers or networks with overwhelming amounts of internet traffic, making websites and online services inaccessible to legitimate users. Cybercriminals increasingly use such attacks for extortion, disruption campaigns, or to pressure companies into paying ransom demands to restore services.
How the attack happened
The first major disruption was reported by Network Platforms on Monday afternoon. According to the company, the attack began around 1:25 p.m. and escalated rapidly, with inbound malicious traffic reportedly peaking above 300Gbit/s.
The company said attackers launched a UDP flood attack targeting multiple IP addresses while constantly shifting attack points across the network. The assault affected both the company’s IP transit services and customer networks connected to its infrastructure.
Network Platforms also confirmed receiving ransom demands from the attackers, making it the clearest indication yet that the campaign may have been financially motivated. The company said neither it nor its affected clients paid the ransom, warning that additional attacks could still follow. As a precaution, it enabled DDoS scrubbing protection across all customers on its network, including clients who had not previously subscribed to the security service.
Another provider affected was 1-Grid, a hosting company focused on SMEs. The company, which says it serves more than 32,000 customers and hosts over 77,000 websites, reported intermittent service disruptions linked to a large-scale cyberattack on parts of its infrastructure.
Although 1-Grid later confirmed that the attack had been mitigated and services restored without requiring customer action, the incident further heightened concerns that South Africa’s internet infrastructure could be facing a coordinated cyber campaign.
The most recent victim was Xneelo, formerly known as Hetzner South Africa. From early Tuesday morning, users experienced intermittent outages affecting website hosting, e-mail hosting and customer control systems.
By late morning, the company confirmed it was dealing with a large-scale DDoS attack and classified the incident as a priority investigation. At the time of reporting, the company had not yet fully restored services, suggesting mitigation efforts were still ongoing.
While authorities and affected firms have not confirmed whether the same group carried out all three attacks, the timing and similarity of the incidents have raised fears of a coordinated ransom DDoS (RDoS) campaign. In such attacks, cybercriminals deliberately disrupt internet services and demand payment in exchange for stopping the assault.
Rise of cyber attacks in Africa
While this recent wave of attacks, looking at the nature of the incidents and ransom demands, is not considered an insider cyber threat, TechMedia Africa reported in March that 46 percent of the 200 South African firms surveyed recorded a rise in malicious insider incidents. The figure was higher than the global average of 42 percent.
In early April, TechMedia Africa also reported that cyber threats detected in Kenya surged to 4.6 billion in the last three months of 2025, representing a 441.3 percent increase from the previous quarter. Between April and June 2025 alone, Kenya reportedly lost KES 29.9 billion ($230 million) after recording more than 4.5 billion cyber threat events.
At the backdrop of these rising attacks, a recent cybersecurity report showed that as many as 82 percent of African organisations are struggling to find qualified cybersecurity and AI professionals. The growing skills shortage is also carrying major economic consequences, with Africa estimated to have lost nearly $5 billion to cybercrime in 2025 alone.