SA's Top Supercomputer Hacked Twice - Why it Matters
South African business owners sat a little straighter in their seats after recent cybersecurity incidents made headlines. The attacks left the country's flagship supercomputer offline, while user credentials and private keys were most likely compromised.
Another sobering fact is that the CSIR's Centre for High Performance Computing's Lengau compute cluster was hacked twice in one week. Consequently, the system had to be shut down to prevent further damage and to allow for the breach to be fully investigated. The break also had to be reported to POPIA regulators.
While the incident itself is serious, it's worth noting that the compute cluster was isolated from the organisation's main IT environment, so business and research systems remained unaffected. This is a strong example of how proper network segmentation can contain the impact of a breach.
Although this is a highly technical IT problem, it doesn't only affect researchers and government systems. What it shows South African businesses is that even systems designed with advanced infrastructure and security layers can be successfully hacked.
The attack was financially motivated rather than an act of sabotage. Hackers gained access to the system's processing power and installed cryptocurrency mining malware to mine Monero, a hard-to-trace digital currency.
Why does this matter to ordinary SA Business Owners?
Reading this as a business owner that isn't in "big tech"? A supercomputer hack may not seem like something that concerns you, but the opposite is true. Here are some reasons why:
If a national-level institution with substantial IT resources can be hit twice in one week, smaller businesses without a dedicated security team are easier targets. These attackers weren't stopped by reputation, scale, or budget. The damage was limited because critical systems were isolated from the wider network, and affected infrastructure could be rebuilt securely.
**The attack path was credentials, not an extravagant exploitation. **Compromised usernames, passwords, and private keys are the same day-to-day risks that accounting firms, law offices, or logistics companies face. Weak passwords, no multi-factor authentication, old accounts that were never deactivated, shared logins… does any of this sound familiar? This is basic stuff, not nation-state hacking.
Downtime is the real cost, not just data loss. The CSIR's system being down for a week or two, with no access to its own files, is the business equivalent of "we can't invoice, access client records, or run payroll". For an SME, that's often enough to do real damage to cash flow and client trust, even if nothing was stolen.

Why a supercomputer was an easy target
Lengau is a petascale machine with 1,368 compute nodes and nearly 150TB of memory, capable of over a quadrillion calculations per second. This infrastructure exists specifically to solve problems too big for ordinary computers. And yet, ironically, it still got compromised by what sounds like a standard credential or access-control failure.
That's the pattern with most breaches, regardless of how impressive the hardware is. Attackers rarely need a sophisticated plot when stolen credentials, weak segmentation, or overlooked access points do the job. Raw computing power doesn't protect you from basic security gaps. If anything, more power just makes you a more attractive target once someone's in.
What this means if you're running business IT, not a national research cluster
Attackers go after whatever compute they can quietly hijack, and an under-monitored server room or a forgotten cloud instance is just as appealing as a national research facility, sometimes more so, because nobody's watching it as closely. Prevent cybersecurity blind spots with a proactive strategy.
Here are a few practical takeaways:
-
Segment your networks properly. Thanks to its strong, segmented architecture, Lengau's breach didn't spread into the CSIR's core business systems. You have a single point of failure waiting to happen if one compromised system can reach everything else on your network.
-
Watch for performance anomalies, not just alerts. The first sign of trouble at the CHPC wasn't a security tool firing off. Instead, users noticed that the system felt slow. Performance drops that don't make sense are often the earliest indicator of a cryptojacking infection, but they are also very easy to miss.
-
Rotate credentials and keys on a schedule, instead of after incidents occur. Once usernames, passwords, and private keys are exposed, every system that trusted them is suspect that needs to be looked into. Credentials that aren't updated often enough can turn a single breach into something far more harmful.
-
Know your reporting obligations before you need them. The CHPC's response included formal engagement with privacy regulators as part of the process. If your business handles personal data, your incident response plan should clearly state who gets notified and within what timeframe.
Where Daisy Business Solutions fits in
Every one of those four lessons above maps directly onto something a properly managed IT and network security setup should already be handling for you in the background.
Network segmentation is an ongoing design discipline. Daisy's network and security services are built around exactly this: keeping critical systems isolated from the rest of your environment, so that one compromised device or server doesn't become a company-wide incident.
Spotting "the system feels slow" before it becomes "we've been breached" is what 24/7 monitoring is for. Our managed IT services include continuous monitoring of network performance and unusual activity, which is the kind of early warning that would have flagged Lengau's cryptojacking attack before it had the chance to hit twice.
Credential and access management shouldn't depend on someone remembering to do it. As part of managed IT support, Daisy handles scheduled password rotation, access reviews, and key management. We make sure that a single set of exposed credentials doesn't remain valid without anyone becoming aware.
The Takeaway
What happened to SA's top supercomputer was opportunistic, financially motivated, and likely preventable with tighter access controls. That's actually the more useful lesson you can hold on to as a South African business owner: most breaches, even ones involving the country's most powerful computer, come down to fairly ordinary gaps in security hygiene.
If a facility built to handle some of the most demanding computing problems in the country can be compromised twice in eight days, it's worth asking how confident you'd be in your own systems holding up to the same kind of test.
At Daisy Business Solutions, we help businesses build practical, layered security strategies through managed IT services, network security, monitoring, access management, and infrastructure design that support productivity and protection. Cyber threats are becoming more common every day, and if South Africa's most powerful computer can become a target, any business can. Peace of mind starts with knowing your technology is working for you, not against you.
Check out our recent article about navigating workplace cybersecurity, a business guide for more insight. If you'd like to assess your current IT security posture and identify potential vulnerabilities before attackers do, contact us today.
Want to solve your Physical Security challenges?
Daisy provides end-to-end physical security solutions tailored for South African businesses. One SLA, one partner.

Daisy Business Solutions
Daisy Business Solutions is a leading South African technology partner - connecting, securing, powering and financing businesses under one SLA across eight divisions. Our editorial team shares practical insights to help SA businesses get more from their technology.


