“Ex-Mossad” group threatened South Africa cyberattack, leaks show

South Africa was threatened with a serious cyberattack from people claiming to be ex-Mossad hackers, according to documents included in the “spy cables” cache that was recently leaked to Al Jazeera.

The cache includes communications between South Africa’s State Security Agency (SSA) and its counterparts around the world, including the CIA and Israel’s Mossad. The revelations are particularly embarrassing for the South Africans, but sometimes also for those overseas, such as the Israelis.

So far, none of the revelations have been particularly tech-related (apart from the fact that the leak was digital), but on Tuesday Al Jazeera reported on a 2012 SSA reference to the “ex-Mossad” threat, which took place in the context of a pro-Palestinian boycott and sanctions campaign that was underway in South Africa and elsewhere.

The people in question apparently hand-delivered a letter to the South African financy ministry, threatening to attack the country’s banking and financial sector if the government did not shut down the anti-Israel campaign in South Africa within 30 days and remove and prosecute certain people linked with the campaign.

They claimed to have been partly responsible for the Stuxnet worm that sabotaged Iranian uranium enrichment facilities about five years ago – widely believed to be the work of the Americans and Israelis – and the associated Flame malware that was used to spy on targets in the Middle East. The group said they still had access to Mossad technologies and resources.

There’s no evidence of the attack having taken place, or of the government cracking down on the boycott campaign, which enjoyed the sympathy of many high-level figures in the country. In the document, the SSA said the Directorate of Priority Crime Investigation had looked into the letter’s authenticity, but the outcome of that probe was unknown.