Zimra Loses $2.3 million To Its Employee-Turned-Hacker

Alvine Chaparadza Avatar
ZIMRA, taxes, Zim Government

A Zimra employee reportedly hacked Zimra and stole $ 2.3 million. Although the culprit was caught before he managed to get away with it, Zimra hasn’t yet recovered the money. The employee, Stephen Moreka is employed as an infrastructure administrator by Zimra, no wonder he was able to pull it off well not exactly.

As a reader called out in the comments below (yes this has been updated), this was not a hack in the strict sense of the word. The guy is being charged with unauthorised access and that is also regarded as hacking broadly speaking. He did this while on sick leave by the way.

Zimra commissioner general stated that it had intercepted the staffer, who tried to transfer funds into other people’s accounts.

We ran an internal investigation and we are glad that we have finally captured the suspect from the IT (information technology) department.


Here is how he did it

The guy accessed Zimra’s payments terminal and then without permission, he started to upload files with a total value of $2,3 million (he faked payments that needed to be made sort of). He then went on to siphon the actual $2,3 million from Zimra’s server into various bank accounts of other people (most likely his accomplices).

To cover his trail, Stephen Morekan cleared the server logs by deleting files on the server.

As luck would have it, a Zimra accounting officer noticed the files and recovered them. Zimra then proceeded to report the issue to the police who apprehended him and now the matter is before the court.

Even though Zimra now knows where the money is, it’s still yet to recover it from the accounts the money was sent.

A heads up for organizations on ‘inside jobs’

Cyber-attacks resulting in the loss of money and private information has led many to believe that outside hackers are the only way companies can lose control over their money and data. While these events obviously need to be taken seriously, many companies ignore the possibility of internal employees being responsible for the loss of private information. It can be hard to scrutinize the people working daily to build up your organization, but system breaches coming from inside the business aren’t something to be taken lightly.

An employee has better access to a network computer that will readily connect to the heart of a system which is its most vulnerable part. Insiders also tend to know sensitive information including passwords, key passes, co-employees’ computing habits, system vulnerabilities, etc.

So while guarding against ‘outside’ hackers, organizations have to make sure that they are not overly exposed to ‘inside jobs’ at the same time.


  1. tawqoo

    mamama dai akaenda nayo motirova duty sezvinonzi atisi mazimbo

  2. Wraythe

    This isn’t hacking. Stop glamorizing your articles with catchy keywords. It’s FRAUD

  3. BTM

    Is it me or something is technically wrong with this article/description of what happened.
    -“He then went on to siphon the actual $2,3 million from Zimra’s server”.
    -“Zimra’s Paynet server”

    Not sure but this doesnt sound right from a technical point of view considering you are a tech magazine.i think its incorrect to say he stole money from a paynet server.If i am not mistaken paynet is an online Payment solutions and ideally you would still money from an account.The servers i think will be sitting with Paynet,i could be wrong but would be nice if you could also get a comment from Paynet.

    Anyway i think more people are involved with this as in most cases it requires authentication through a separate SFI system before a payment can go through.

    Regardless whilst doing a system implementation at some company a few years ago i highlighted the weaknesses of paynet which included being able to upload CSV files directly into paynet etc. but Zimbabwe being Zimbabwe noone bothered to listen.Paynet is a good system but it has its own weaknesses including in some cases super user password which are almost identical across most companies (not sure if this is still the case though)

  4. Chief

    The funds were not transferred to the different accounts as you suggest. Please get your facts right.

  5. the real hacker

    MMMM munonyanya kunyepa. Haisi hacking iyo.

  6. Raison

    Thats why you are delaying our refunds, please this is not our fault we need our money back.

2023 © Techzim All rights reserved. Hosted By Cloud Unboxed