Cyber Incident Victim: City of Rosarito

Date: Feb 2023

Location: Mexico

Summary

A cyberattack targeted Rosarito’s municipal systems, infecting hundreds of servers and disrupting citizens' ability to pay property taxes and other service fees for multiple days. The incident prompted an official investigation by state authorities; no party claimed responsibility and no ransom demands were disclosed.

Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors

Description

On February 17, 2023, the City of Rosarito's municipal government experienced a significant cyberattack targeting its digital infrastructure. The incident resulted in widespread disruption after hundreds of the city council’s servers became infected with malicious software. This infection paralyzed key municipal services, particularly affecting citizens’ ability to pay property taxes and other essential municipal fees through standard channels. The service outage persisted for multiple days, creating logistical challenges for residents requiring timely transactions. Internal systems remained compromised without immediate restoration, though specific technical details about the malware variant or initial infection vector were not disclosed publicly. Municipal officials did not initially confirm whether data exfiltration occurred or whether the attack involved ransomware encryption. By February 24, city authorities formally reported the incident to Baja California’s State Attorney General’s Office, initiating an official investigation into the attack’s origin and full scope. No internal systems restoration timeline or interim contingency measures for citizen services were detailed in available reports during the incident’s immediate aftermath.

The municipal government maintained an ongoing investigation into the attack as of February 28, 2023, with no definitive conclusions publicly released regarding the perpetrators’ identity or motivations. Unlike contemporaneous cyberattacks against other Latin American organizations, no ransomware group or threat actor claimed responsibility for targeting Rosarito’s infrastructure. Official communications omitted any reference to received ransom demands, data leakage threats, or negotiation attempts. Forensic analysis focused on determining the intrusion methodology, total infected systems, and whether citizen data resided on compromised servers. Service functionality for tax and fee payments was restored following the multi-day disruption, though the technical remediation process remained undocumented in public records. The Attorney General’s office collaborated with municipal IT personnel to evaluate potential evidence while citizens faced lingering uncertainty regarding the security of municipal data systems.
