Cyber Incident Victim: Government of Brazil
Date:
Jan 2023
Location:
Brazil
Summary
A cyber incident involving the Government of Brazil occurred when a group identifying as GhostSec claimed unauthorized access to its webmail system (gov.br), exfiltrating 845MB of data containing personal information, IDs, passport details, government emails, medical certificates, and registration forms from the Prefeitura Municipal de Russas, Ceará. The actors publicly released the data without ransom demands, citing motivations linked to recent civil unrest and intent to expose perceived security deficiencies. No official acknowledgment or statement regarding the breach was observed on the government’s website or social media channels at the time of disclosure. The group reported contacting the entity to alert them of the compromise while encouraging system reviews.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 10, 2023, a group identifying as GhostSec announced via their Telegram channel that they had compromised the Brazilian government’s webmail system (gov.br), exfiltrating 845MB of data. The group claimed the breach targeted the Prefeitura Municipal de Russas in Ceará state, extracting documents including medical certificates, vouchers, resumes, registration forms, emails, personal identification details, passport information, and government receipts. GhostSec stated their motivations were to disrupt and humiliate the Brazilian government, referencing contemporaneous protests and riots in the country, though they did not explicitly link the breach to those events beyond contextual mention. The group released the data publicly without ransom demands, encouraging third-party analysis while acknowledging they had not fully reviewed the dataset themselves. GhostSec reported attempting to contact the municipal government via email to alert them of the breach but observed no public acknowledgment or incident notification on official websites or social media platforms as of their announcement date.
The breach exposed sensitive citizen and governmental operational data, creating risks of identity theft, fraud, and reputational damage. GhostSec’s announcement emphasized the perceived inadequacy of Brazil’s cybersecurity defenses, characterizing the breach as an embarrassment to authorities. While the group claimed the data originated from Russas’ municipal systems, the broader gov.br domain compromise suggested potential impacts beyond a single municipality. No official statements from Brazilian federal or municipal authorities regarding the incident were documented in the source material, nor were any containment measures, forensic investigations, or victim notifications described. The absence of observed remediation actions or public communications left the full operational and legal consequences unverified, though the disclosure timeline and data types indicated significant exposure of personally identifiable information and government correspondence.