Cyber Incident Victim: Prefeitura de Jaboatão dos Guararapes
Date:
Jul 2024
Location:
Brazil
Summary
The municipal administration of Jaboatão dos Guararapes experienced an international cyberattack that disrupted multiple online services, including social program registrations and public consultation systems. The incident occurred overnight and prompted technical, legal, and administrative responses from authorities, with similarities noted to prior breaches affecting state and federal entities. Services are expected to be restored within 72 hours following the disruption, which was reported to cybercrime police units.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Prefeitura de Jaboatão dos Guararapes, located in the Greater Recife area of Brazil, experienced a significant cyberattack on July 10, 2024, which disrupted multiple municipal services. The attack occurred during the early morning hours and was characterized by municipal authorities as an act of vandalism. This incident forced the temporary shutdown of critical online platforms, including systems for scheduling appointments related to the Cadastro Único para Programas Sociais (CadÚnico) and the De Olho na Consulta service. The city administration promptly reported the breach to the Delegacia de Crimes Cibernéticos (Cybercrime Police Station) of the Civil Police, initiating formal investigations. This marked the second major cyber incident affecting Jaboatão's digital infrastructure, following a previous attack in 2019 that had similarly taken the municipal website offline. Municipal officials identified the 2024 attack as originating from international actors, though no specific threat group or nation-state was named in initial reports. Service restoration estimates projected a 72-hour recovery timeline, during which residents would experience limited access to affected platforms. The disruption impacted social program enrollment systems crucial for low-income residents, creating immediate administrative challenges for both citizens and municipal workers.
The municipal government responded by implementing legal, technical, and administrative countermeasures to contain the breach and restore operations. Officials noted technical similarities between this attack and previous cyber incidents targeting Brazilian government entities, specifically referencing the 2023 breach of Pernambuco's state government systems and a separate 2024 attack on federal government infrastructure. While the precise attack vector remained unspecified, the pattern recognition suggested potential coordination or shared methodologies among threat actors targeting Brazilian public sector entities. No ransomware demands or data exfiltration claims were publicly disclosed by either the attackers or municipal authorities at this initial stage. The city's communications emphasized operational continuity efforts for essential services unaffected by the digital intrusion, though specific mitigation strategies weren't detailed in public statements. Technical teams worked to isolate compromised systems while maintaining baseline municipal functions through alternative procedures during the outage period. The administration maintained public updates through non-digital channels as recovery efforts progressed toward the estimated 72-hour normalization window.