Cyber Threat Actor: TeamR70
| Actor Type | Location | Known Incidents |
Sensationalist
|
—
|
2 incidents |
|---|
Profile
TeamR70, also referenced as Team R70, is a hacker group that has claimed responsibility for cyber incidents targeting Brazilian government‑related online services. The group first appeared in public reporting in early April 2024 when it asserted involvement in disruptions affecting the consumer protection agency Procon‑Santos and the Santos port authority. No additional aliases or organizational structure have been disclosed in the available sources.
The observed activity of TeamR70 consists of causing website instability and temporary outages for the targeted entities. On April 4 2024 both the Procon‑Santos portal and the Santos port’s website experienced periods of unavailability, with the port authority noting that its internal systems were also affected. The municipality confirmed that the Procon‑Santos site remained offline pending verification and that citizens could reach the agency through alternative contact methods such as phone, email, or in‑person visits at Poupatempo. No evidence of data loss was reported by the port authority’s security team following its investigation.
Public statements attributed the attacks to an individual named Azael, who was identified by the group as the responsible actor. Local news outlets cited Azael in connection with the claimed operation by TeamR70, although the municipality has not formally validated this attribution. The group’s claims were limited to asserting responsibility for the disruption; no further details about Azael’s role, background, or affiliations were provided in the sources.
In response to the incidents, both the consumer protection agency and the port authority initiated investigations with their respective service providers and cybersecurity teams. The port authority’s security team began recovery efforts while confirming that no data loss had been detected. The municipality indicated that it would continue to monitor the situation and restore normal online operations once verification was completed. These actions demonstrate a standard incident‑response posture rather than any specific counter‑measure linked to the group’s tactics.
Available reporting does not describe particular malware families, initial access vectors, or tooling styles associated with TeamR70. Consequently, no specific technical tactics, techniques, or procedures can be confirmed from the provided material. The group’s known activity remains limited to the claimed disruption of websites belonging to public‑sector organizations in Santos, Brazil, with an emphasis on causing service outages without reported data exfiltration or financial gain.
