A threat actor operating under the alias “fuckoverflow” has been observed selling alleged compromised accounts from the Companies and Intellectual Property Commission (CIPC) eServices portal — eservices.cipc.co.za — on a dark web marketplace. The post advertises verified access credentials for the South African government’s business registration system.
According to the post, each account is sold for $3 per account, with a minimum purchase of five accounts. The seller guarantees replacements for non-functional credentials.
The CIPC eServices platform is a critical portal that enables company registration, filing of annual returns, and management of official records for South African businesses. Unauthorized access to such accounts could enable malicious actors to:
- Alter company registration details, including director or address changes.
- Harvest corporate and personal data (e.g., ID numbers, contact details).
- Commit business identity theft by manipulating filings for financial gain.
- Exploit company profiles for fraudulent transactions or shell company setups.
Potential Impact
- Corporate Identity Risks: Malicious modifications to company records could result in reputational damage or fraudulent transactions.
- Data Privacy Concerns: Exposure of personal identifiers (ID/passport numbers, addresses) linked to CIPC accounts.
- Economic Threat: The incident could undermine trust in South Africa’s corporate registration infrastructure and facilitate large-scale financial scams.
- National Security Implications: Exploitation of official government systems by cybercriminals may impact state-level regulatory and enforcement capabilities.
Disclaimer: This report is based on open-source intelligence (OSINT) and dark web monitoring. CyHawk Africa has not independently verified the authenticity of the claimed data. The report is intended solely for cybersecurity awareness and situational intelligence purposes.