Treasury is the latest victim in a spate of hacking attacks aimed at government websites.
On Wednesday, News24 received an alert from anonymous Twitter user @VirusSec that Treasury would be his latest target. Moments later, the government department's website was inaccessible.
The notorious hacker has in the past targeted various government websites, including those of the Cybersecurity Hub, the Department of Environmental Affairs, the Presidency and the City of Tshwane.
The hacker appears to take issue with government's relationship with China and its handling of animal welfare issues, particularly lions and rhino.
In a direct message, @VirusSec told News24 that he specifically targeted Treasury's site in light of the resignation of Nhlanhla Nene as finance minister following his testimony before the commission of inquiry into state capture.
Nene revealed that he had met with the Gupta family at least six times at their Saxonwold home during his tenure as deputy finance minister as well as during the early stages of his first stint as head of Treasury. He was replaced by former Reserve Bank governor Tito Mboweni on Tuesday.
"Not enough is done for the animals of South Africa," @VirusSec said.
As an example, the hacker referred to the issuing of a permit to hunt Skye the lion in Mpumalanga on June 7.
The hacker said the hunt was "illegal" and that local government was complicit.
READ: Notorious hacker shuts down government website... again
The attack would not be limited to the website, @VirusSec said.
"Currently internal servers of treasury.gov.za [are] being attacked. Such as email and other servers…" he told News24.
"[The] front page might load sometimes but it's internally dead."
In August, following the hacking of the Cybersecurity Hub's website, @VirusSec said he was targeting government sites because "the current South African government is greedy, and it needs to change".
@VirusSec indicated that, although he had visited the country, he was not South African. However, he said, he knew many South Africans, including those who had left the country.
"People tell me that I don't know what I am talking about, but I have been in South Africa. I know what it's like," @VirusSec told News24.
@VirusSec claimed he had also hacked official Taliban websites in the past.
"Just note this, brother. This is not the end," he said.
"National Treasury can confirm that its emails have never gone down, contrary to claims made earlier on," Treasury spokesperson Ntsakisi Ramunasi said in an email to News24.
"The department's websites are up and reachable from all over the world. We have logged onto our website servers and they have not been compromised. No one has been able to access them.
"But there does seem to have been a distributed denial of service (DDoS) attack. This is when someone uses many machines to send fake requests to try to view the National Treasury website with the hoping that our servers will be so busy responding to the fake requests that they will fail to respond to legitimate requests.
"This attack is done without accessing Treasury servers. National Treasury is investigating with its service providers."
The website was live again when tested by News24 staff at 14:00 on Wednesday.
KEEP UPDATED on the latest news by subscribing to our FREE newsletter.
- FOLLOW News24 on Twitter