The University of the Witwatersrand (Wits) suffered a zero-day cyber attack targeting its Oracle E-Business system, compromising operations across multiple countries. The attack exploited an unknown software vulnerability with no prior patch, forcing Oracle to respond under immediate pressure. While the university claims operations continue 'as normal,' the extent of data compromise remains under investigation, involving collaboration with ICT, Oracle, and cybersecurity experts. Critical Oracle patches were applied post-incident, but the potential risk to students, faculty, and administrative data is still being assessed. The Information Regulator was notified, highlighting compliance concerns. This attack aligns with a broader surge in cybercrime targeting South African institutions, including Netstar, Cell C, MTN, and SAA, with the country being a prime target for infostealer and ransomware attacks per ESET’s Threat Report. The incident underscores vulnerabilities in enterprise systems and the escalating threat landscape in Africa’s most targeted cyber region.
Source: https://www.itweb.co.za/article/wits-university-it-system-hit-by-zero-day-event/Kjlyr7wB6Rlvk6am
TPRM report: https://www.rankiteo.com/company/university-of-the-witwatersrand-wits-alumni
"id": "uni4893748101725",
"linkid": "university-of-the-witwatersrand-wits-alumni",
"type": "Vulnerability",
"date": "10/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Higher Education',
'location': 'South Africa',
'name': 'University of the Witwatersrand (Wits '
'University)',
'type': 'Educational Institution'}],
'attack_vector': 'Software Vulnerability (Zero-Day)',
'description': 'The University of the Witwatersrand (Wits University) '
'confirmed that its Oracle E-Business system was hit by a '
'zero-day cyber attack, exploiting an unknown software '
'vulnerability. The attack compromised systems across multiple '
'countries. The university asserts that operations continue as '
'normal while investigations are ongoing to determine the '
'extent of data compromise. ICT has implemented the latest '
'critical patch updates from Oracle, and the Information '
'Regulator has been notified.',
'impact': {'operational_impact': 'Operations continue as normal (claimed)',
'systems_affected': ['Oracle E-Business System (Multiple '
'Countries)']},
'investigation_status': 'Ongoing (assessing potential risk to community and '
'data compromise)',
'references': [{'source': 'Wits University Public Statement'},
{'source': 'ESET Threat Report (Bi-Annual)'}],
'regulatory_compliance': {'regulatory_notifications': ['Information Regulator '
'of South Africa']},
'response': {'communication_strategy': ['Notification to Information '
'Regulator',
'Public disclosure'],
'containment_measures': ['Implementation of latest Oracle '
'critical patch updates'],
'incident_response_plan_activated': True,
'third_party_assistance': ['Oracle', 'Cyber Security Experts']},
'title': "Zero-Day Cyber Attack on Wits University's Oracle E-Business System",
'type': ['Cyber Attack', 'Zero-Day Exploit'],
'vulnerability_exploited': 'Unknown Oracle E-Business System Vulnerability'}