Cyber Incident Victim: Macau, People's Republic of China
Date: Jul 2024
Location: Macao
Summary
Multiple government websites in Macau were compromised in a cyberattack targeting key security and emergency service departments, including the offices of the security secretary, public security police, fire services, and security forces bureau, resulting in service disruptions. Authorities attributed the intrusion to overseas sources and initiated a criminal investigation while collaborating with telecommunications operators to restore affected systems through emergency response measures.
Description
On July 11, 2024, Chinese state media reported that multiple Macau government websites experienced cyber intrusions, prompting a criminal investigation by local police. The attacks targeted critical administrative bodies, including the Office of the Secretary for Security, the Public Security Police, the Fire Services Department, and the Security Forces Services Bureau. These coordinated breaches resulted in service disruptions, rendering the affected websites inaccessible to users. Security officials from the Macau Special Administrative Region’s government confirmed the incidents on Wednesday evening but did not disclose the exact time of initial compromise or the duration of unauthorized access. The attacks exclusively disrupted website availability, with no public confirmation of data exfiltration, defacement, or additional malicious activities beyond service blockage. Authorities immediately classified the event as a criminal act, initiating forensic procedures to identify intrusion vectors and threat actors.

Macau officials attributed the attacks to overseas-based perpetrators, according to CCTV reports, though no specific countries, groups, or technical evidence substantiating this claim were disclosed. Emergency response protocols were activated in collaboration with telecommunications providers to restore operational continuity, prioritizing the reactivation of critical public-facing services. The government’s public statements focused exclusively on containment and recovery efforts, omitting details about residual risks, attacker motivations, or exploited vulnerabilities. Police investigators did not release preliminary findings regarding attack methodologies, such as phishing, malware deployment, or infrastructure weaknesses. Service restoration timelines and the full scope of impacted systems beyond the named agencies remained unspecified at the time of reporting. The incident marked a visible operational disruption but concluded without further elaboration on long-term consequences or systemic compromises.
