Cyber Incident Victim: Coprocenva
Date:
Jun 2025
Location:
Colombia
Summary
Coprocenva experienced a cyberattack that disrupted some communication channels and hindered agency services, prompting activation of security protocols and a contingency plan to diagnose damages and restore services. The central system was isolated preventively despite showing no visible signs of compromise, while digital services like Red Coopcentral and PSE remained fully operational. Member assets and financial infrastructure were confirmed secure, with ongoing efforts by internal tech teams and cybersecurity experts to contain the attack, protect data integrity, and coordinate with authorities for investigations. Digital services such as Red Coopcentral and PSE remained fully operational throughout the incident, and member assets were confirmed to be secure and protected. Restoration of agency services progressed progressively, and the organization maintained transparency by advising members to report suspicious communications through official channels while working with experts and authorities to contain the threat and restore full operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of Tuesday, 17 June 2025, Coprocenva identified that it had become the target of a cyberattack that affected several of its communication channels, causing a temporary disruption in the attention provided at its agency offices. The incident was detected shortly after the anomalous activity began, prompting the immediate activation of the organization’s established security protocols. A contingency plan was launched to diagnose the extent of the damage and to begin restoring services with the least possible impact on members. Upon confirmation of the breach, Coprocenva’s technology team commenced collaboration with external cybersecurity experts to contain the attack and safeguard the integrity of its information assets. Simultaneously, the organization notified the relevant authorities to support the investigative process and ensure compliance with legal obligations.
As part of the response, Coprocenva isolated its central system preventively; although this core infrastructure showed no visible signs of compromise, its use was restricted to avoid any additional risk given that the broader network had been identified as compromised. The isolation measure was intended to protect the financial infrastructure, which the organization confirmed remained unaffected and continued to operate with the necessary mechanisms to guarantee the security of members’ resources. While the central system was isolated, digital channels such as the Red Coopcentral platform, PSE services, and other online offerings continued to function normally, ensuring uninterrupted access for members who rely on those avenues. Agency services for members who do not use the Red Coopcentral channel were reported to be progressing through a phased restoration process, with attention gradually returning to pre‑incident levels. Throughout the incident, Coprocenva emphasized that members’ funds remained completely safe and that no financial data had been altered or exposed.
Coprocenva maintained open communication with its associates, advising them to report any unusual or unauthorized communications purporting to come from the organization exclusively via the telephone line 300 912 1300 or through the chat feature on its website www.coprocenva.coop. The organization’s technology team, supported by cybersecurity specialists, continued to work without interruption to contain the threat, eradicate any residual presence, and restore full functionality across all affected systems. The efforts were overseen by the Board of Directors and General Management, who monitored technical and operational decisions to protect the entity and its members. Coprocenva expressed confidence that normal service levels would be reestablished as swiftly as possible and thanked its associates for their understanding and cooperation during the response period.