WhiteHat NG is Nigeria's leading CERT-style Information Sharing and Analysis Center (ISAC). Founded in 2019, it serves as a people's Computer Emergency Response Team, providing cybersecurity advisories, vulnerability disclosure services, and threat intelligence to protect Nigerian cyberspace. WhiteHat NG publishes security advisories about vulnerabilities and threats affecting Nigerian organizations and citizens.

How do I report a security vulnerability to WhiteHat NG?

You can report security vulnerabilities through WhiteHat NG's Vulnerability Disclosure Program (VDP) at whitehat.ng/vdp/report. The platform accepts reports about vulnerabilities in Nigerian digital infrastructure, government systems, and private sector applications. All reports are handled confidentially by trained security professionals who coordinate responsible disclosure with affected organizations.

What types of security advisories does WhiteHat NG publish?

WhiteHat NG publishes four severity levels of security advisories: Critical (immediate action required), High (significant risk), Medium (moderate risk), and Low (minimal risk). Advisories cover topics including software vulnerabilities, malware campaigns, phishing attacks, data breaches, and emerging cyber threats affecting Nigeria. All advisories are available via web and RSS feed at whitehat.ng/advisories.

Is WhiteHat NG affiliated with the Nigerian government?

WhiteHat NG operates as an independent, community-driven cybersecurity organization. While it collaborates with government agencies and private sector partners on security matters, it maintains independence to serve as a trusted neutral party for vulnerability disclosure and security coordination. This independence allows WhiteHat NG to advocate for both security researchers and affected organizations.

How can organizations partner with WhiteHat NG?

Organizations can partner with WhiteHat NG through several programs: becoming an information sharing partner for threat intelligence, participating in the Vulnerability Disclosure Program as a receiving organization, sponsoring cybersecurity awareness initiatives, or contributing to advisory development. Contact partnerships@whitehat.ng or visit the About page for more information on collaboration opportunities.

Alert: Increased APT Activities in Nigeria

Executive Summary

Since mid-2022, there has been a notable rise in Advanced Persistent Threat (APT) activities along the shores of Nigeria. Recent data from supporting Security Operations Centers (SOC) and Managed Security Service Providers (MSSP) confirms this trend.

Threat Intelligence Evidence

APT Activity Evidence 1

Malware analysis showing sophisticated techniques used by APT groups targeting Nigerian organizations.

APT Activity Evidence 2

Command and control infrastructure identified during our investigation.

APT Activity Evidence 3

Additional indicators showing persistence mechanisms deployed by threat actors.

Threat Landscape

Observed APT Groups

Multiple sophisticated threat actors have been identified conducting operations in Nigerian cyberspace:

State-sponsored actors conducting espionage
Financially motivated APT groups
Hacktivists with political motivations

Target Sectors

Sector	Threat Level	Primary Objectives
Government	Critical	Intelligence gathering
Oil & Gas	High	Industrial espionage
Financial Services	High	Financial theft
Telecommunications	High	Data collection
Critical Infrastructure	Medium	Reconnaissance

Tactics, Techniques, and Procedures (TTPs)

Initial Access

Spear phishing campaigns
Exploitation of public-facing applications
Supply chain compromise

Persistence

Custom malware deployment
Living-off-the-land techniques
Compromised credentials

Objectives

Long-term access for intelligence collection
Data exfiltration
Infrastructure mapping

Recommendations

For Organizations

Implement defense-in-depth security architecture
Deploy advanced endpoint detection and response (EDR)
Conduct regular threat hunting activities
Establish incident response capabilities
Share threat intelligence with peers and authorities

For Security Teams

Monitor for indicators of compromise (IOCs)
Analyze logs for anomalous behavior
Implement network segmentation
Regular security assessments

Collaboration

WhiteHat NG is working with government agencies and private sector partners to track and mitigate these threats.

WhiteHat NG Threat Alert