Hackers infiltrated KwaDukuza’s municipal system, using spyware to steal R35.7 million on January 31 – now, a forensic probe and court battle aim to recover the missing money.

The long-awaited fraud investigation report by ABSA on the unlawful transfer from the municipality’s account in January was presented to the council on Thursday.

The investigation revealed that three municipal laptops were compromised with an unauthorised remote monitoring application, Net Monitor for Employees Software Tool.

This software allows a remote user to access computers, record activities, capture keystrokes, block websites and even eavesdrop using the microphone.

It also enables the remote operator to reboot, lock or unlock the affected devices.

By March, ABSA had recovered R30.8 million, which was deposited back into the municipal account on February 27.

However, R4.41 million remains unaccounted for after being unlawfully transferred to a specific company.

The municipality has since filed an urgent high court application to liquidate the company, with a hearing set for March 26.

Further investigation revealed that the software was installed in November last year and set to auto-start upon booting the devices.

Municipal spokesperson Sifiso Zulu said the installation was done using credentials from a current employee and a former staff member.

“On January 31, all three of the computers taken for analysis experienced a forced redirect to a domain which will display “ERROR Check Internet Connection-IP_CONFLICT” when they attempted to access the Internet or the ABSA Access system, specifically during the period of the fraudulent transactions.

“As it appears that the three laptops analysed were unable to access the ABSA Access system during the period of fraudulent transactions, it could mean that different computers were used to perform the fraudulent transactions using the compromised credentials of the three users,” said Zulu.

In response, the council has resolved to appoint forensic investigators to determine the full extent of the breach and its link to the fraud.

A full IT security audit will also be conducted to remove unauthorised software and strengthen cybersecurity measures.

Additionally, the municipal manager has been authorised to work with the Saps Commercial Crimes Unit, ensuring ABSA’s findings are incorporated into the ongoing investigation.

Stay in the loop with The North Coast Courier on Facebook, X, Instagram & YouTube for the latest news.

Mobile users can join our WhatsApp Broadcast Service here or if you’re on desktop, scan the QR code below.