Cybercrime Group XP95 Claims Responsibility for Ransomware Attacks on South African Government Agency and Spanish Software Provider

The emerging cybercrime group XP95 claimed responsibility for ransomware attacks targeting Statistics South Africa, the government agency responsible for conducting the national census and disseminating official statistics. The same group also breached a Spanish psychological software provider, though specific details about the latter incident were not disclosed. The attacks were reported on March 30, 2026, with no exact date of compromise provided. No technical details, such as exploited vulnerabilities or data exfiltration specifics, were mentioned in the report. The impact includes potential disruption to South Africa’s statistical operations and exposure of sensitive health or demographic data.