Cyber Incident Victim: Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco
Date:
Mar 2023
Location:
Argentina
Summary
A cyberattack disrupted operations for the Argentinian utility CEOSP, forcing temporary closure due to compromised servers. Technical teams worked since Sunday to resolve the incident, reportedly triggered by a malicious email that spread a virus across the entire computer system, rendering machines inaccessible. The threat actors demanded ransom for the restoration of files containing critical operational data accumulated over years, though the utility's emergency electrical services remained functional. The cooperative acknowledged the situation publicly but provided no confirmation regarding ransom demands or possible data compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 12, 2023, Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP), an Argentine electricity cooperative, experienced a cyberattack that disrupted its operations. According to media reports citing CEOSP’s technical staff, the incident originated when an employee opened a malicious email, allowing a virus to infiltrate the cooperative’s entire computer network. This compromised all connected machines, rendering them inaccessible to staff. The attackers subsequently demanded payment in exchange for restoring access to files and historical operational data. CEOSP acknowledged service disruptions in a March 16 Facebook notice, announcing the closure of its offices on March 17 due to server problems while assuring customers that emergency electrical issue reporting via phone would remain functional. The cooperative stated its technical team had been working to resolve the situation since the morning of March 12, though it did not publicly identify the threat actor or disclose whether ransom negotiations occurred.
The attack caused significant operational disruption, forcing facility closures and limiting administrative functions. CEOSP advised customers to conserve electricity responsibly, implying potential impacts on service reliability. Media outlet Boscoproducciones reported the attackers had encrypted critical files, paralyzing access to years of operational data essential for the cooperative’s functions, though there was no evidence of consumer data theft. CEOSP maintained emergency response capabilities by preserving phone-based outage reporting via the 452525 hotline. Despite media inquiries via email, the cooperative provided no further details regarding attack attribution, data recovery status, financial demands, or restoration timelines beyond its initial Facebook statement. The incident highlighted vulnerabilities in critical infrastructure systems while leaving key technical specifics—including initial infection vectors beyond the email entry point and remediation progress—unconfirmed by official sources.