Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
News

STEALER LOGS: A HIDDEN THREAT TO DIGITAL SECURITY

19 AUGUST 2025 – WINDHOEK
In today’s digital landscape, cyberspace is continually challenged by evolving
cybersecurity threats that operate covertly, collecting vast amounts of
sensitive data. Among these threats, stealer logs have emerged as a significant
innovation in modern cybercrime, posing direct risks to individual security and
serving as a crucial tool for enabling more complex attacks such as
ransomware.

Stealer logs are comprehensive data packages generated by specialised
malware known as infostealer malware. Once this malicious software infiltrates
a device, it discreetly gathers sensitive information, including stored browser
passwords, authentication cookies, banking details, cryptocurrency wallet
information, social media account data, and system information. This data
collection occurs silently and without the user’s knowledge, often while they
are engaged in regular computing activities. The malware operates covertly
in the background, secretly extracting valuable information that is compiled
into organised logs. These logs are then traded on clandestine marketplaces,
where cybercriminals purchase access to credentials and personal data for
malicious purposes.

Modern stealer logs encompass far more than just stolen passwords. They often
contain authentication tokens that enable criminals to bypass login
procedures entirely, as well as saved payment information, browser autofill
data, and comprehensive details about a user’s digital activity and system
configuration.

Current Impact and Scale of Stealer Logs
Stealer log activities are now more widespread than ever. Security researchers
have noted a staggering 6,000% increase in infostealer infections since 2018,
highlighting the rapid evolution of this threat. Recent analyses reveal that over
4.3 million devices were compromised by stealer malware in 2024 alone,
resulting in approximately 330 million credentials stolen.

Additionally, the threat extends beyond individual victims to compromise the
security of the entire organisation. Frequently, corporate credentials appear in
stealer logs when employees’ personal devices become infected, potentially
enabling attacks on business networks. Cybercriminals utilise automated tools
to scan databases for company email addresses, internal system references,
and privileged account information. This evolution reflects a shift in the threat
landscape: the security of individual devices now directly impacts the overall
cybersecurity posture of the organisation.

Stealer Logs Link to Ransomware Operations
A study conducted by Verizon in their 2025 Data Breach Investigations Report
highlights a direct link between stolen login credentials and ransomware
attacks. The research indicates that most ransomware victims had their
organisational domains already recorded in stealer log databases prior to the
attack. This demonstrates a shift in the initial access strategies of ransomware
groups: rather than relying solely on vulnerability exploitation or phishing
campaigns, many now purchase stolen credentials from stealer log
marketplaces to infiltrate targeted networks.

The approach used by ransomware operators is typically foreseeable. They
often acquire necessary credentials through illicit underground markets,
investing only a modest amount of money to access valuable accounts. Once
inside, they establish a foothold within the target networks, conduct
reconnaissance, and then proceed to deploy ransomware or exfiltrate
sensitive information.

An example of this method is the 2025 attack on the Spanish
telecommunications firm Telefonic. The HellCat ransomware group exploited
stolen credentials from over 500 employees, obtained through infostealer
infections, to breach the company’s internal systems. These compromised
credentials enabled the attackers to infiltrate the corporate infrastructure and
exfiltrate confidential company documents.

Protection Strategies for Individuals and Organisations
To effectively safeguard against stealer log threats, implement a
comprehensive security strategy that combines both preventative and
detective measures:

  • Acquire software exclusively from official vendors and trusted sources to
    ensure integrity and authenticity,
  • Enforce robust authentication protocols, including multi-factor
    authentication, phishing-resistant login methods, and transition towards
    a zero-trust access framework,
  • Develop and execute patch management plans, automating updates
    for operating systems, browsers, and applications to close vulnerabilities
    exploited by stealers,
  • Maintain clear separation between personal and business environments
    to reduce risk exposure,
  • Utilise dark web monitoring solutions and continuously surveil stealer-log
    marketplaces for leaked credentials, enabling proactive response at the
    earliest signs of compromise,
  • Provide ongoing user awareness training to help identify fake
    CAPTCHAs, malicious advertisements, and social engineering tactics
    used to deliver stealers, and
  • Deploy Behavior-Based Endpoint Detection and Response (EDR)
    solutions that detect credential harvesting activities and prevent data
    exfiltration in real time.

    In conclusion, the emergence of stealer log threats signifies a significant
    evolution in cybercriminal strategies, transforming isolated device infections
    into coordinated data collection efforts that underpin large-scale attack
    campaigns. Recognising that user behaviour, whether on personal devices or
    organisational accounts, can directly impact the security of entire ecosystems
    underscores the necessity for comprehensive cybersecurity measures.

    It is essential for both institutions and individuals to implement robust protection
    protocols to safeguard the interconnected cyberspace against such
    pervasive threats.

    END
    Issued By:
    Namibia Cyber Security Incident Response Team (NAM-CSIRT), housed by the
    Communications Regulatory Authority of Namibia (CRAN)
    Tel: +264 61 222 666
    Email: Communications@cran.na

Related Posts

FAKE WEBSITES OF TRUSTED NAMIBIAN INSTITUTIONS

  • October 2, 2025

Artificial Intelligence Powered Attacks

  • May 14, 2024

COVERAGE OF ELECTIONS IN NAMIBIA IN ACCORDANCE WITH THE BROADCASTING CODE FOR BROADCASTING LICENSEES AND THE CONSEQUENCES OF NON-COMPLIANCE

  • December 16, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Emilia Nghikembua

Chief Executive Officer

Emilia Nghikembua is the Chief Executive Officer of the Communications Regulatory Authority of Namibia (CRAN). She is the holder of a Baccalaureus Juris, Bachelor of Law and Master of Law (cum laude) degrees from the University of Namibia, respectively. Emilia also holds a Master of Arts in Information and Communications Technology; Policy and Regulation obtained from the University of the Witwatersrand and an Executive Master of Business Administration with majors in business and technology. She is an admitted legal practitioner of the High Court of Namibia.

Emilia was ranked among the top 100 African economic leaders by Institute Choiseul in 2022. The ranking identified her as among the 100 Africans under the age of 40 years, expected to play a major role in the continent’s economic development soon. In 2023, Emilia was honoured by the Windhoek Observer as one of 50 Namibians of Merit under the corporate leadership segment. Emilia is passionate about uplifting people.

Maria Moses

Executive: Finance & Administration

Maria has over 20 years of experience in the finance/accounting field, and has served as an Auditing Officer, Management Accountant, Manager: Management Accounting, and Director: Administration Services for various public and private sector organisations in the pension fund industry, ICT regulator, road sector and mining and energy sector.

Maria holds a Master of International Business, Bachelor of Technology in Accounting & Finance, National Diploma in Accounting, Certificate in Business Accounting, Certificate in Telecommunications Policy, Regulation and Management (TPRM), Certificate in Project Management and Certificate in Management Development Programme (MDP).

Josephine Shigwedha

Executive: Regulatory & Corporate Legal Services

Josephine Shigwedha is an admitted legal practitioner with a Master of Laws (LLM) and has over eleven years of dedicated experience in various aspects of corporate law. Her extensive background includes five years at the Senior/Executive Management level, where she has consistently demonstrated a commitment to excellence in executing her responsibilities. She further serves as a Non- Executive Director for the Aviation Regulator, NCAA.

In addition, she holds a B-Juris Law Degree and an LLB Honours Degree from the University of Namibia. To further compliment her legal, compliance and risk management experience, Josephine obtained a Post Graduate Certificate in Risk, Compliance and Governance Law from the University of Witwatersrand, and completed the Executive Development Program leadership training at the University of Stellenbosch. She is currently enrolled for the MPhil in Business Administration with the University of Pretoria.

Moreover, her expertise encompasses regulatory compliance, legal risk management, contract management, litigation oversight, and policy formulation.

Tulimevava Kaunapawa Mufeti

Chairperson

Kauna Mufeti is a Computer Science and Information Systems expert with extensive experience in the use of ICT infrastructures to support e-Learning in developing contexts. She also has a passion for software development, specifically in creating database-driven web applications for multi-user systems and developing content for online courses.

Her leadership journey includes heading the School of Computing from 2015 to 2020, where she oversaw educational, research, and administrative functions. She supervised multiple collaborative funded research projects with various national and international institutions.

Kauna also has a robust background in managing the development of software systems. She spearheaded the development of several Content Management Systems for the University of Namibia (UNAM) clients. She also managed the development of the University Management Information Systems project at UNAM, coordinating efforts between multiple stakeholders and an offshore development team.

She holds a Doctor of Philosophy in Information Systems, Master of Science Degree in Computer Science, and Bachelor of Science with Honours Degree in Computer Science, all from Rhodes University. Additionally, she holds a Bachelor of Science Degree in Computer Science and Physics, from the UNAM.

She is currently an Associate Professor in the Department of Computing, Mathematical and Statistical Sciences at UNAM.

Aletha Nangula Haufiku

Board Member

Aletha Haufiku is a Human Resources professional with over 15 years of business acumen and extensive HR leadership. She is a versatile, personable, results-oriented, and empowering Leader that assists the firm's leadership team in translating the company strategy into HR initiatives that improve performance, profitability, and growth, while also handling legal and compliance concerns, talent retention, and employee engagement.

She has expertise and experience in general HR and business functions such as Business Management, Strategic Human Resources, HR Staffing & Administration, Organisational Development Business Re-engineering, Employee and Labour Relations, Compensation and Benefits, and Employee Wellness, Health and Safety.

Aletha holds a Master of Science in Entrepreneurship (MSC) from the ESSCA School of Management in Paris, France; Master of Business Administration (MBA) from the City University of Applied Science, Hochschule Bremen, Germany; B Tech Human Resources Management and National Diploma Human Resources Management from the Namibia University of Science and Technology (former Polytechnic).

She is currently employed by Bokomo Namibia as Human Resources Executive.

Elvis Elia Nashilongo

Vice-Chairperson

Elvis Nashilongo is an operations’ practitioner with over 2 decades of experience in the management of Pension funds schemes. He holds a Master’s degree in International Business (MIB/MBA) specializing in Business Management strategies. He also holds a Post Graduate Diploma in Executive Development Program (EDP), a Bachelor’s Degree in Communication and Industrial Psychology and a National Diploma in Public Management.

Mr. Nashilongo has served in leadership and management roles such as former chairman at Mobile Telecommunications Limited (MTC), a former chairman of Government Employees Pension Fund (GEPF) and Principal Officer of GEPF, Board Member at Retirement Funds Institute of Namibia (RFIN), Director and Chairman at Omusati Medical Hospital, and Board Member at Public Relations Institute of Southern Africa (PRISA). He is currently employed as General Manager: Operations, at the Government Institutions Pension Fund (GIPF)

Gerhard Coeln

Board Member

Gerhard Coeln is a seasoned Electrical Engineer and founder of GeCoCo Consulting, responsible for electricity distribution & supply industry development and restructuring at local, regional, and national level. He holds an MBA from the Heriot-Watt University in Edinburgh Business School in Scotland and a B.Sc. Electrical & Electronic Engineering from the University of Cape Town. He has recently participated in and received the TPRM certificate course at Wits University.

Gerhard initially worked at telecom companies in South Africa whereafter he returned to Namibia where he worked for a consulting firm Henning Seelenbinder and Partners (HSP) in Windhoek, which concentrated more on power systems and electricity networks throughout Namibia. He then worked for the Municipality of Walvis Bay electricity department until the establishment of Erongo RED.

Gerhard was involved in the restructuring process of the electricity supply industry that culminated in the creation of the Electricity Control Board. Moreover, he was the founding Chief Executive Officer (CEO) of Erongo RED from March 2005 until January 2013. He provided strategic leadership, financial planning and management, board reporting, risk management, environmental scanning, stakeholder management, corporate governance, corporate image, and project management skills during his tenure at Erongo RED.

He as worked at multiple private electricity firms such as Rural Maintenance (Pty) Ltd involved in turn-around strategies for municipalities’ electricity department in South Africa.

Veiko Shatilwe Alexander

Board Member

Veiko Alexander is an admitted legal practitioner of the High Court of Namibia and is the founder and director of the law firm, Veiko Alexander & Company Incorporated. He holds a LLB from the University of South Africa and B-Juris from University of Namibia.

Veiko’s service alignment is predominantly commercial and corporate advice, although a limited part of his practice also includes, labour, civil and criminal litigation. He specialises on advising on mining and minerals related law; licensing and regulatory; the drawing, negotiation and reviewing of contracts; conducting of due diligences and project financing.

Apart from being a practicing lawyer, Veiko is also a director, and serves on the board of directors of CRAN, Lemon Square Investments (Pty) Ltd, Nam-mic Holdings (Pty) Ltd and Ino Harith Capital, a leading fund manager appointed to manage the Namibia Infrastructure Fund 1 and Namibia Infrastructure Fund 2.

Florette Nicolette Nakusera

Board Member

Florette Nakusera is a seasoned professional Economist with over 24 years of experience, ranging between leadership, executive, management and operational experience in the financial sector, the aviation sector, statistics, environmental economics, and the education sector. She possesses excellent communication and negotiation skills and have good strategic appreciation and vision. she has a collaborative approach, with good interpersonal skills to engage, motivate and encourage others. She is an analytical decision-maker that has considerable experience in building companies/institutions and managing difficult situations.

Florette holds an M.Comm (Economics) and B.Comm (Hons) Economics from the University of Stellenbosch. Additionally, she also holds a Bachelor of Commerce degree from the University of Namibia, certificates in International Executive Development Programme (IEDP) form the WITS Business School and London Business School, and Executive Development Programme (EDP) from the University of Stellenbosch Business School.

She is currently employed by the Bank of Namibia (BoN) as a Director of the Financial Stability and Macroprudential Oversight Department, and Head of the Namibia Deposit Guarantee Authority (NDGA). She is also a Member of the Financial Sector Stability Committee (FSSC) and Macroprudential Oversight Committee (MOC) at BoN.

Jeanine Du Toit

Board Member

Jeanine du Toit is a dedicated and driven professional with a profound enthusiasm for finance, technical standards, and value-added reporting. With a career spanning over a decade in managerial roles as an audit partner/director, Jeanine brings a wealth of experience in bookkeeping, accounting, taxation, payroll, and audit engagements across diverse industries.

Jeanine holds an Honours Bachelor of Accounting Science and Bachelor of Accounting Science from the University of South Africa (UNISA). She is recognized as a Competency Assessor, Registered Auditor, Chartered Accountant, and Professional Accountant. Her commitment to professional excellence is further demonstrated through her active participation on various institutional technical and educational boards, including the ICAN Accounting and Audit Standards Committee.

Throughout her career, Jeanine has navigated a wide array of industries including Property and Real Estate, Fishing, Legal Practitioners, Manufacturing, Transport, Freight, Shipping and Logistics, Health and Medical, Retail, Tourism and Leisure (Public Sector), Pharmaceutical, Mining, Property Development and Construction, Agriculture and Farming.

Currently, Jeanine serves as the Managing Audit Partner of PKF-FCS Auditors and Executive Director in Walvis Bay for PKF Financial Consulting Services (Pty) Ltd, Namibia. She also contributes her expertise to the governance of the Namibia Institute of Professional Accountants (NIPA), as an invited Board Member and serve on the Public Accountants and Auditors Board (PAAB) Educational Committee.

Pascal Haingura

Executive: Engineering & Technical Services

Mr. Haingura is a seasoned Information Technology professional with over 16 years of extensive experience spanning Software Engineering, Data Analytics, Digital Transformation, Project Management, IT Operations, and Infrastructure Development. His leadership has been demonstrated across diverse sectors, including energy, academia, and finance, where he has successfully developed IT strategies and policies, managed IT departments, and driven innovative technological solutions.

He holds a Master of Philosophy in Inclusive Innovation, a Master of International Business in Digital Transformation and Business Law, a Bachelor of Science Honours in Computer Science, and a Bachelor of Science in Information Technology. Currently, Mr. Haingura is pursuing a Master of Informatics in Data Analytics at the Namibia University of Science and Technology (NUST).

Helene Vosloo

Executive: Economics & Market Development

Helene obtained a master in business administration (MBA) through the Edinburgh Business School, Heriot-Watt University in the united Kingdom. She also holds an Honors degree in Statistics from the university of the State, South Africa. Helene lectured at the university of the Free State Between 1991 and 1992 after which she joined the National Planning Commission, Central Bureau of Statistic in 1992. In 1995 she joined the Ministry of Agriculture in the Directorate of planning, from where she moved to the electricity control board until she joined CRAN in 2012 as Head Economic Sector Research.

Tanswell Davies

Executive: Governance, Risk & Compliance Management

Tanswell obtained a Baccalaureus Juris Degree (December 2005) and a Bachelor of Law Degree (December 2007) through the University of Namibia and he is currently studying towards a Master in ICT Policy and Regulation Degree through the University of Witwatersrand in Johannesburg. He attended the School of Oriental and African Studies at the University of London from November 2005 to February 2006, where he completed a special program of study that focused on a legal system of Africa and Asia. Tanswell served as a member of the Namibia Rugby Union Disciplinary Committee in 2012.

He currently serves as a member of the Criminal Litigation Committee and as the Chairperson of the Bursaries and Sponsorship Committee of the Namibia Law Society. He lectured at the University of Namibia in the Law Faculty of the LLB Program on a part time basis from 2010 to 2013. He was admitted as a Legal Practitioner to the High Court in April 2009 and practiced for 4 years as a Legal Practitioner at BD Basson Legal Practitioners. In 2012, he joined PWC Auditing firm as Manager of Indirect Tax, a position he held until December 2012. He was appointed as a Legal Advisor for CRAN in 2013 to January 2015; in February 2015 he was appointed as Company Secretary for CRAN.

Lucrezia Henckert-Louw

Executive: Human Capital

Lucrezia Henckert-Louw is a seasoned Human Capital Practitioner and holds a National Diploma in Human Capital and a Bachelor of Technology degree in Human Resource from the Polytechnic of Namibia. She also holds a Senior Management Development Program qualification, which she obtained through the University of Stellenbosch Business School in the Republic of South Africa. Before joining CRAN in 2012, Lucrezia was employed by the International Training & Education Center on Health (I-TECH), where she served as a Senior Manager: Human Resources. Other previous employers include the polytechnic of Namibia where she was employed for ten years.

Lucrezia is passionate about the field of Human Resources and in establishing CRAN as an employer of choice. Her conviction that Human Resources should be an advocate for employees drives her on-going effects to strengthen CRAN’s HR department to ensure all employees are treated fairly and equally, and that needs of the business are balanced with the needs of the employees. “employees of choice are those companies that receive recognition for the way they treat employees; they are the companies for whom people want to work. Becoming an employer of choice means that Human Resources balances recruiting the most qualified applicants, selecting the most suitable candidates and retaining the most talented employees,” she states.

Elton Witbooi

Executive: ICT

Elton Witbooi holds a Diploma in Business Computing; Honours Degree in Software Engineering; Bachelor’s Degree in Administration; and a Master’s Degree in Business Administration. He served in various ICT capacities in numerous public and private sector organisations, before joining CRAN on 1 February 2023 as the Executive: Cyber Security and ICT.

Mufaro Nesongano

Executive: Communication & Consumer Relations

With over 20 years of experience in broadcasting, communication, public relations, and brand management, Mr. Mufaro Nesongano has successfully led various teams in the execution of communication and stakeholder management strategies across both the private and public sector within the realms of academia, tourism and quite recently, the insurance industry.

He holds a Master’s degree in Journalism and Media Technology, an Honours degree in Journalism and Communication, and a Bachelor’s degree in Journalism and Communication. Additionally, he has a certificate in Open Innovation, Branding Management, Digital Transformation Strategy and Executive and Management Coaching.

Cornelia Shipindo

Acting Executive: CIRT

Ms. Cornelia Shipindo is a highly accomplished Cybersecurtiy professional with an impressive educational foundation, including a Post Graduate Diploma in Business Administration, International Certification as a Certified Information Systems Auditor (CISA), and a Bachelor’s Degree in IT Systems Administration & Networks, among other relevant qualifications

Her career prior to joining the Communications Regulatory Authority of Namibia (CRAN) includes a pivotal role as an Information Security Specialist at Capricorn Group, where she excelled in security control governance, third party cyber risk management, incident response management, information security and data protection.

At CRAN, Cornelia is poised to make significant contributions to enhancing the organization’s cybersecurity framework, particularly in safeguarding national communication infrastructures from cyber threats. Her appointment is timely, reflecting the global urgency surrounding cybersecurity for regulatory bodies. With extensive experience in cybersecurity, risk & compliance, data protection and privacy. Cornelia’s leadership and expertise are set to play a crucial role in advancing CRAN’s strategic focus on protecting Namibia’s communications ecosystem.