Cyber Incident Victim: Government of Brazil
Date:
Jan 2023
Location:
Brazil
Summary
A cyberattack targeted government websites in Tocantins, Brazil, resulting in unauthorized defacement with manipulated images of the country's president. The state's Information Technology Agency took affected portals offline as a precautionary measure and initiated restoration efforts with enhanced security protocols, though services remained unavailable the following day. The specialized cybercrime division of the Tocantins Civil Police launched an investigation to identify the perpetrators. This incident aligns with recent attacks against other Brazilian public entities, including Curitiba's Municipal Chamber and Pará's Court of Justice, where unauthorized access caused multi-day service disruptions. In the Curitiba case, a third-party software provider's compromised servers led to database access by attackers, though encrypted systems were later fully recovered without data loss.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the evening of January 17, 2023, government websites in Tocantins, Brazil, were compromised in a cyberattack. Attackers breached platforms belonging to state secretariats around 8 PM local time, defacing sites with manipulated images of President Luiz Inácio Lula da Silva, including one depicting him in prison. The Agência de Tecnologia da Informação (ATI) confirmed the intrusion and proactively took all affected portals offline to contain the incident. Restoration efforts began immediately, though sites remained inaccessible the following morning (January 18), displaying an error message acknowledging technical issues and promising swift resolution. The Polícia Civil do Tocantins activated its specialized cybercrime unit (DRCC) to investigate the attack’s origin and identify perpetrators. No data theft or encryption was reported; the primary impact was service disruption and reputational damage from the defacement.
This incident occurred amid a broader pattern of attacks targeting Brazilian public sector entities in early 2023. Recent weeks saw similar compromises at the Curitiba Municipal Council (CMC) and the Pará Court of Justice (TJPA), both experiencing multi-day service outages. The TJPA confirmed no data loss despite four days of downtime, while the CMC’s breach stemmed from a December 2022 attack on Elotech Gestão Pública, its software services provider. Elotech’s servers were infiltrated, granting attackers unauthorized database access before systems were decrypted and restored. The Tocantins government’s response mirrored standard containment protocols—isolating systems, initiating forensic investigations, and prioritizing secure restoration—though no technical specifics about attack vectors or full recovery timelines were disclosed.