New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Shadow Kill Hackers Attack City of Johannesburg

Shadow Kill: The city of Johannesburg, South Africa has been attacked once again by a group by the name of Shadow Kill. The city has reportedly been given three days to pay a ransom of $30,000 in Bitcoin. The attack took place on October 25th when the group disabled the city’s website and other online services. The city acknowledged the attack and took other systems offline themselves, such as customer-facing systems and billing systems, as a precaution. Several banks in the area also stated they were having Internet problems at the same time as the attack–which they thought to be related. Several employees from the city received ransom notes that said that the attackers purported to have dozens of backdoors in place for the city’s network and the attackers had access to all of the city’s files.

Analyst Notes

At this point, almost any entity is at risk of being attacked for ransom. Everyone should keep back-up files in case of an attack. The wave of ransom attacks on cities has not seemed to slow and has spread globally. Cities must keep up with security best practices and have a defense-in-depth strategy in place for an attack like this. More details can be found here: