Cyber Incident Victim: Senado de la Nación Argentina
Date:
Jan 2022
Location:
Argentina
Summary
The official website of Argentina's Senate experienced multiple cyberattacks, including a recent denial-of-service incident that temporarily disrupted access by overwhelming servers, following an earlier ransomware attack that compromised parliamentary employee data. During the prior intrusion, attackers exfiltrated sensitive internal information such as personnel records, biometric data, identification documents, and operational details, contradicting initial claims that only publicly available materials were affected. These incidents collectively caused extended operational disruptions, with the ransomware attack significantly impairing Senate functions for weeks despite assertions that stolen data lacked confidentiality. The breaches occurred amid broader cybersecurity vulnerabilities affecting national institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Senado de la Nación Argentina experienced multiple cybersecurity incidents between January and April 2022. On January 12, 2022, at 4:00 AM, attackers compromised the Senate's systems using ransomware, a malware variant designed to block access to systems or files until a ransom is paid. This attack disrupted Senate operations for several weeks, with lingering effects nearing the March 1 opening of ordinary sessions. The Senate's official Twitter account acknowledged the breach, characterizing it as involving publicly available information accessible through their transparency portal. Subsequent revelations contradicted this initial assessment when leaked data included non-public employee records, digital fingerprints, national identity documents, passport details, internal operational data, and payroll information. The attackers exfiltrated these sensitive datasets before encrypting systems, employing tactics consistent with double-extortion ransomware campaigns.
A second incident occurred on April 21, 2022, when the Senate website became inaccessible due to a suspected denial-of-service (DoS) attack. This technique overwhelmed servers with excessive traffic, preventing legitimate user access for approximately 30 minutes before normal operations resumed. The disruption evoked comparisons to the more severe January breach among observers. These incidents followed a pattern of government-targeted cyberattacks in Argentina, including an October 2021 breach of the National Registry of Persons (Renaper) where attackers stole millions of records and demanded ransom. Operational continuity challenges persisted following the January ransomware event, though no ransom payment or data restoration negotiations were disclosed by Senate authorities. The cumulative impact exposed systemic vulnerabilities in legislative branch cybersecurity defenses across multiple attack vectors.