Durban is the biggest cargo port in sub-Saharan Africa.

South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals.

The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said.

In a letter to its customers dated Monday, the company declared a force majeure—a clause that prevents a party from fulfilling a contract because of external and unforeseen circumstances.

It said it had "experienced an act of cyber-attack, security intrusion and sabotage, which resulted in the disruption of... normal processes and functions."

The attack has affected ports in Durban—the busiest in sub-Saharan Africa—as well as Cape Town, Port Elizabeth and Ngqura, Transnet said in the "confidential" notice seen by AFP on Tuesday.

In a statement later on Tuesday, the firm said it expected to lift the force majeure "soon" following "significant progress in restoring" its systems.

"It is expected that some applications may continue to run slowly over the next few days," it said.

The outage came on the heels of civil unrest sparked by the jailing of ex-president Jacob Zuma that halted operations for several days.

"The last few days have been the nail in the coffin," said Dave Watts, a consultant to the South African Association of Freight Forwarders.

"Up to this morning nothing is moving out of the ports, zero, since Thursday," he told AFP.

"It's a nightmare. It's just a catastrophe, frankly," he said, noting that the disruption had occurred at the peak of the citrus export season, when South African farmers were rushing to get their produce to foreign markets. "It's a perfect storm".