Cyber Incident Victim: Taboão da Serra Municipality

Date: Oct 2023

Location: Brazil

Summary

The municipality of Taboão da Serra experienced a cyberattack disrupting its official portal, necessitating temporary downtime for security measures, with services expected to resume shortly; authorities were notified. Previously, the organization faced a ransomware incident where primary and backup servers were compromised, resulting in encrypted data and a cryptocurrency ransom demand, though payment details remain undisclosed.

Description

On November 27, 2023, the Municipality of Taboão da Serra, Brazil, confirmed a cybersecurity incident affecting its official online portal. The municipal government issued a statement acknowledging the attack and indicated the portal had been temporarily taken offline as a precautionary security measure. Officials emphasized that the impact was confined to the portal’s unavailability, with no evidence suggesting broader compromise of municipal systems or data exfiltration. The Information Technology Department reported conducting daily defensive actions against unauthorized access attempts and domain index abuses falsely using the municipality’s name. External sources observed the portal had been inaccessible since the preceding weekend, though the administration did not clarify the exact timeline of the outage. Restoration efforts were underway with an expectation of normalization in the near term. Competent authorities, including the Taboão da Serra Police Department, were notified per standard incident response protocols.

This incident follows a prior ransomware attack against the municipality on August 27, 2021, which resulted in significant operational disruption. During the 2021 event, threat actors compromised both primary and backup servers, encrypting data and demanding ransom payment in Bitcoin. Municipal communications confirmed the deployment of malware designed to hijack systems and encrypt content but withheld details regarding ransom negotiations or payments. The Secretariat of Legal Affairs collaborated with the IT Department to report the breach to law enforcement agencies, including the Taboão da Serra Police Sectional Department. No public disclosures followed regarding data recovery methods or whether systems were restored from backups. The recurrence of cyber incidents across separate administrations highlights persistent targeting of municipal infrastructure, though technical specifics linking the 2021 and 2023 events remain undisclosed by authorities.
