Cyber Incident Victim: Municipality of Belen
Date: Oct 2022
Location: Costa Rica
Summary
The Municipality of Belen in Costa Rica experienced a cyberattack attributed to the Karakurt group, involving the theft of approximately 373 GB of corporate data such as emails, spreadsheets, building diagrams, real estate images, invoices, and detention videos. Online services were temporarily disrupted, prompting the institution to direct users to in-person transactions via social media updates. While the attackers claimed possession of sensitive information, no compromising data had been publicly released at the time of reporting.
Description
On or around October 11, 2022, the Municipality of Belen in Costa Rica experienced a cyberattack claimed by the Karakurt threat group. The attackers exfiltrated approximately 373 gigabytes of corporate data, which included PDF documents, spreadsheets, email communications, and technical building diagrams. Karakurt further specified the stolen data encompassed real estate images, financial invoices, graphical materials, architectural drawings of new construction projects, and surveillance videos related to detentions. The breach prompted the municipality to temporarily disable its online services to contain the incident and prevent further unauthorized access. Municipal operations relying on digital platforms were disrupted, forcing residents to seek alternative methods for transactions and information access.

The municipality communicated updates about the incident through its official Facebook page, advising citizens to conduct in-person transactions while systems remained offline. In its public statements, Belen authorities acknowledged the data theft but noted that Karakurt had not yet published any information compromising the institution or its users. No specific details were provided regarding the timeline of intrusion detection or the exact systems initially breached. The incident caused operational interruptions to public services, though the duration of these disruptions was not quantified in available reports. Municipal officials did not disclose whether forensic investigations identified vulnerabilities exploited by the attackers or whether data recovery efforts were undertaken.
