Facebook tracking pixel

Major Internet Problems Reported as DDoS Attacks Hit SA Providers

DDoS attacks SA providers
Generated Image: Copyright Newcastillian News

South Africans experienced widespread Internet instability on Tuesday, 19 May 2026, as several online services, websites and hosting platforms were affected by connectivity problems linked to a wave of distributed denial-of-service attacks targeting parts of the country’s Internet infrastructure.

According to MyBroadband, users across South Africa reported intermittent problems accessing various online services, including local and international websites.

Newcastillian News
Get ahead of the game. Know your customers. Email: [email protected] for rates

The publication reported that major South African news websites such as BusinessTech and News24 experienced brief outages, while users also reported difficulty accessing SARS eFiling and several other platforms.

MyBroadband further noted that outage tracking service Downdetector showed a surge in reports from around 10:00 on Tuesday, 19 May 2026.

While Internet outages are often viewed as technical problems affecting only large companies, Tuesday’s disruption highlighted how dependent South African businesses, news platforms, e-commerce operations, professional services and ordinary users have become on stable hosting, email and digital infrastructure.

Furthermore, the matter was not limited to one website or one service provider.

MyBroadband reported that South African web hosting and Internet infrastructure providers were facing sustained DDoS attacks against their networks.

Xneelo was among the latest providers affected, with the company reporting network degradation shortly after 09:00. MyBroadband stated that Xneelo’s control panels and hosting services could be inaccessible during the disruption, while the company’s team worked on mitigation measures.

Xneelo’s own network status page later confirmed that it was dealing with a large-scale DDoS attack affecting parts of its network infrastructure.

In an update published at 15:15 SAST on Tuesday, 19 May 2026, Xneelo stated that the attack had resumed and that customers could experience intermittent connectivity issues, increased latency or timeouts while mitigation work continued. Its status page listed konsoleH, the xneelo Control Panel and Managed Hosting Email as affected services at the time.

For businesses, the practical impact of such incidents can be immediate. Website downtime can prevent customers from accessing services, online stores can lose orders, staff may struggle to access email, and professional communication can be disrupted.

For media platforms and digital publishers, the problem can also affect the ability to publish, distribute and monetise news content during periods of high reader demand.

The wider industry picture suggests that this was part of a larger attack pattern. MyBroadband reported that 1-Grid had battled an attack since Sunday, with the attack reportedly exceeding 100Gbps and targeting IP addresses across its ranges. It also reported that Network Platforms saw sustained attack traffic averaging around 300Gbps, with peaks as high as 675Gbps.

Network Platforms’ own status page confirmed that it experienced degraded service on its network infrastructure on 18 May 2026.

In an update, the company stated that it was experiencing an active and ongoing DDoS attack targeting parts of its network infrastructure and certain client networks using its IP Transit services. It further stated that inbound attack traffic peaked at well over 300Gbps, with some clients experiencing intermittent latency, packet loss or route instability.

By the following morning, Network Platforms said the DDoS activity had subsided significantly.

However, it also warned that because neither it nor the affected clients had complied with ransom demands received from the attackers, there remained a strong possibility of continued or recurring attack activity. The company said it had temporarily enabled DDoS scrubbing protection across all clients using its network as a precaution.

MyBroadband also reported that Host Africa, Diamatrix, known as Domains.co.za, Liquid Intelligent Technologies and Datakeepers were among the infrastructure providers said to have been affected.

According to the publication, one source claimed the attack on Host Africa peaked at 1Tbps, while the attack on Domains hit 100Gbps. MyBroadband stated that the attacks involved a combination of IP Fragmentation, Carpet Bombing and DNS Amplification.

In simple terms, a DDoS attack attempts to overwhelm online systems by flooding them with traffic, making services slow, unstable or inaccessible.

Carpet bombing is particularly difficult for providers because it does not focus on a single target. Instead, large parts of a company’s IP address ranges may be targeted at once, placing strain across broader infrastructure rather than one isolated server or website.

The scale of the reported attacks shows why even businesses that are not directly targeted can still feel the effects. If an upstream provider, hosting company, data centre or network path is under strain, the disruption can ripple through websites, mail servers, cloud services and customer-facing platforms hosted on that infrastructure.

NETSCOUT, whose Cyber Threat Horizon platform tracks global cyber threat activity, explains that the DDoS threat landscape is constantly changing and requires continuous monitoring to understand how attackers are modifying their behaviour and targets.

Its South Africa threat intelligence page lists several attack vectors observed in the country, including DNS, DNS Amplification, UDP and other amplification-based methods.

For local businesses and organisations, the events serve as another reminder that digital infrastructure now requires more than a website and an email address.

Hosting resilience, backups, DNS management, email continuity, uptime monitoring and a clear response plan have become part of basic business continuity.

This is especially relevant for companies that rely on their websites for bookings, enquiries, payments, advertising, online forms, applications or customer support. A few hours of downtime may not sound severe on paper, but when it affects trading, communication or public access to information, the cost can become far greater than the hosting bill itself.

At this stage, the full extent of Tuesday’s Internet disruption remains unclear. MyBroadband noted that it was not certain whether the DDoS attacks against South African hosting and network infrastructure providers were directly related to all the other Internet problems reported by users.

Paid Survey

However, the timing, scale and number of affected providers point to a serious period of instability within parts of South Africa’s digital infrastructure.

What are your thoughts on all this? Did you experience any delays or downtime today? Let us know below.

While you are here, be sure to read: 24 Undocumented Workers Found at Newcastle Factory as Owner Taken Into Custody

Newcastillian News invites your input. We ask that you keep your remarks courteous and on-topic. We do not allow any form of hate speech, such as racist or sexist comments. All comments are subject to moderation in line with our User Rules and Commenting Policy.

SPONSORED

Advertise your business to South African readers.

Follow us on WhatsApp

Get the latest local news and breaking updates straight to your phone.

CATEGORIES