Cyber Incident Victim: Palmas, Tocantins, Brazil

On the evening of January 17, 2023, government websites in Tocantins, Brazil, experienced a cyberattack that compromised multiple platforms operated by state secretariats. At approximately 8:00 PM local time, attackers breached the systems and defaced websites by publishing images of President Luiz Inácio Lula da Silva, including a digitally altered photograph depicting him in a prison setting. The Agência de Tecnologia da Informação (ATI), responsible for managing the state's digital infrastructure, confirmed the incident and implemented immediate containment measures by taking all affected portals offline as a precautionary step. By the morning of January 18, the websites remained inaccessible, displaying a standardized error message indicating technical difficulties and ongoing restoration efforts. The ATI publicly stated that hackers had modified content on some pages and emphasized their focus on restoring services securely while guarding against potential follow-up attacks.

The Tocantins Civil Police initiated an investigation through its specialized cybercrime unit (DRCC) to trace the attack's origin and identify perpetrators. No data loss or additional attacker objectives beyond the defacement were disclosed in official communications. Service disruptions persisted into the following day, with no specified restoration timeline provided by authorities. The ATI's full statement reiterated the precautionary takedown of portals and collaboration with law enforcement. This incident occurred amid a broader pattern of cyberattacks targeting Brazilian public sector entities in early 2023, though the narrative specifically concerning Tocantins contains no confirmed technical details about attack vectors, infrastructure impacts beyond website unavailability, or attribution beyond generic references to "hackers." Restoration efforts prioritized security reinforcement against potential subsequent incidents.