Troubling questions over South African internet infrastructure attacks

A series of large-scale DDoS attacks targeting South African hosting providers — including 1-grid, Domains.co.za, Xneelo, and Network Platforms — has raised serious questions about the true motive and identity of the attackers. The attacks peaked at over 600Gbit/s, yet the extortion demand was only 2.5 monero (~R16,000), far below the estimated cost of mounting such attacks. A security specialist suggests the targets were chosen strategically rather than opportunistically, pointing to a possible state-level or sophisticated threat actor. The attackers identified themselves as BlackMatter, a ransomware group with roots in DarkSide, though experts note the group routinely uses false flags and operates from jurisdictions like Russia that shield it from law enforcement. The mismatch between attack scale and ransom amount remains the central puzzle.