
The Namibia Cyber Security Incident Response Team (NAM-CSIRT) has identified 13 Namibian organisations potentially exposed to a global cyber security incident that could allow hackers to gain unauthorised access to corporate networks, steal sensitive information and launch ransomware attacks.
The incident, known as FortiBleed, involves the exposure of administrator credentials, virtual private network (VPN) credentials and firewall configuration data linked to internet-facing Fortinet FortiGate devices used by organisations worldwide.
NAM-CSIRT, which operates under the Communications Regulatory Authority of Namibia (CRAN), said all affected Namibian organisations have been contacted directly and provided with guidance on urgent remedial measures to secure their systems and reduce the risk of compromise.
According to NAM-CSIRT, the exposed credentials could enable cyber criminals to bypass security controls, impersonate legitimate users, alter network settings and potentially gain access to sensitive corporate information. In severe cases, the vulnerability could be exploited to facilitate ransomware attacks.
“Fortinet firewalls act as the digital front gate to an organisation’s network. If the keys to that gate, such as administrator usernames, passwords or VPN credentials, become exposed, malicious actors may be able to enter the network as though they were authorised users and carry out harmful activities without immediately raising suspicion,” NAM-CSIRT said.
The cyber security team has urged organisations using Fortinet infrastructure to immediately reset administrator and VPN credentials, implement multi-factor authentication, upgrade affected devices to supported software versions and review systems for signs of unauthorised access.
Additional recommendations include restricting public access to management interfaces, reviewing firewall and VPN configurations for unauthorised changes, and conducting threat-hunting exercises to identify possible compromises.
CRAN Executive for Communication and Consumer Relations Mufaro Nesongano said there is currently no evidence of widespread compromise among affected Namibian organisations, but warned that the incident highlights the growing sophistication of cyber threats.
“While there is currently no evidence of widespread compromise among affected Namibian organisations, this incident highlights the importance of proactive cyber security measures. Cyber threats continue to evolve, and preparedness remains our strongest defence,” Nesongano said.
NAM-CSIRT said it continues to monitor the situation and remains available to provide technical guidance and incident response support to affected organisations







