Cyber Incident Victim: Instituto de Pesquisas Energéticas e Nucleares
Date:
Mar 2025
Location:
Brazil
Summary
The Institutode Pesquisas Energéticas e Nucleares experienced a cyber incident that triggered multiple attempts to breach its network, prompting IT teams to launch corrective actions and work to mitigate damage while restoring operations. The institute’s physical, radiological and nuclear safety remained unaffected, but as a precaution its network was isolated from external connections, including internet access, until vulnerabilities are addressed. The disruption halted production and supply of key radioactive medicines such as iodine‑131, lutetium‑177, thallium‑201, Guan‑IPEN‑131 (MIBG), technetium‑99m generators and gallium‑67 citrate, which are essential for hospital diagnostics and therapy. Authorities are monitoring the case, though no details about the attack’s origin or perpetrators have been released.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday,March 28, 2025, the Instituto de Pesquisas Energéticas e Nucleares (IPEN/CNEN) experienced a cybersecurity incident characterized by a series of attempted attacks against its institutional network. According to the Comissão Nacional de Energia Nuclear (CNEN), the institution’s information technology teams promptly initiated corrective actions and began working to mitigate any damage while striving to restore normal operations. CNEN emphasized that the incident did not compromise the physical, radiological, or nuclear safety of the facility, confirming that no radiological materials or nuclear processes were affected. As a precautionary measure, the IPEN network was disconnected from the external environment, including all internet access, until all identified vulnerabilities could be addressed and resolved.
The disruption of the institute’s systems directly interfered with the production and distribution of several essential radioactive pharmaceuticals used in medical diagnostics and therapy. These medicines include iodine‑131 for thyroid cancer treatment, lutetium‑177 for neuroendocrine tumor therapy, thallium‑201 for cardiac imaging, guan‑IPEN‑131 (MIBG) for neuroblastoma treatment, the technetium‑99m generator widely employed in nuclear medicine, and gallium‑67 citrate for infection and cancer detection. CNEN stated that restoring the supply of these critical radio‑pharmaceuticals is a top priority, given their importance for hospitals and patients undergoing treatment. The agency confirmed that it is coordinating with relevant stakeholders to ensure that the interruption does not prolong beyond what is necessary to secure the network.
Authorities continue to monitor the situation, but as of the latest public statement no information has been released regarding the origin of the attack or any potentially responsible parties. The ongoing response involves continuous assessment of the network’s status, application of patches and security updates, and verification that all systems are free from residual threats before reconnecting to external networks. Throughout the response effort, CNEN has maintained communication with healthcare providers to keep them informed about the status of the affected medical supplies and any expected delays.
The incident remains under active management, with IT and security teams working to resolve the vulnerabilities and restore full operational capacity while ensuring that the preventive network isolation remains in place until the environment is deemed secure.