Cyber Incident Victim: Congreso de Jalisco

Date: Dec 2022

Location: Mexico

Summary

A cyberattack targeted the legislative body of Jalisco, compromising 14 of its 17 servers through ransomware identified as "Play," which encrypted data and rendered systems inaccessible. The breach affected legislative records including decrees, session minutes, legal documents, parliamentary gazettes, and accounting files, though the extent of data loss or exfiltration remained unclear. Operations continued using temporary tools while authorities filed a formal complaint and investigated potential links to attacks on other government entities, including agencies in Argentina. The incident prompted the Transparency Committee to enact data protection measures, citing legal obligations to safeguard personal information under its jurisdiction.

Description

In early December 2022, multiple government institutions in Jalisco, Mexico, experienced cyberattacks targeting their servers. The first confirmed incident occurred at the Jalisco Institute of Statistical and Geographical Information (IIEG), whose systems became compromised on December 5, forcing the institute to take its website offline for maintenance. Shortly thereafter, the State Congress of Jalisco disclosed it had suffered a more extensive breach during the weekend of December 2-4, when cybercriminals successfully infiltrated 14 of the legislature's 17 servers. According to Congressional President Mirelle Montes Agredano, attackers initially compromised the legislative body's computing system through a ransomware variant identified as "Play," which encrypted critical data and rendered systems inaccessible. The affected servers contained parliamentary records including session minutes, procedural documents, legislative decrees, gazette publications, legal demands, and accounting information. While technical staff detected the security breach through anomalous system activity, investigators could not immediately determine whether data had been exfiltrated, deleted, or remained solely encrypted. Initial forensic analysis revealed the attackers had launched over 29 billion cyber intrusion attempts against Jalisco government systems between May and November 2021 alone, with the IIEG previously identified as the most frequent target prior to the December incidents.

The attacks caused significant operational disruptions across affected agencies. The IIEG's prolonged website outage prevented public access to statistical information, while legislative operations at the Congress faced paralysis of core documentation systems. Congressional Secretary General Tomás Figueroa confirmed the institution resorted to temporary alternative tools to maintain basic functionality during recovery efforts. Officials emphasized the attacks represented both administrative burdens requiring taxpayer-funded remediation and violations of public information access rights. On December 4, the Congressional Transparency Committee convened an emergency session chaired by Deputy Montes Agredano, approving formal measures under Articles 83-84 of Mexico's General Law on Protection of Personal Data Held by Obligated Subjects. These provisions authorized the committee to coordinate security responses, establish data protection protocols, and refer potential irregularities to internal oversight bodies. The legislature filed an official complaint with the State Prosecutor's Office while investigators noted connections to similar attacks against government entities in Córdoba, Argentina. Despite containment efforts, authorities could not ascertain the total volume of compromised files or identify perpetrators, with no ransom demands or attack motives publicly disclosed during initial response phases.
