Cyber Incident Victim: Assembleia Nacional
Date:
Feb 2024
Location:
Cape Verde
Summary
A ransomware attack encrypted several servers within a single segment of the Assembleia Nacional's network, disrupting parliamentary operations while leaving other segments and external servers untouched. The compromised payroll server was restored, investigators from the institution's information security team, NOSI and the judicial police are tracing the source, and officials confirm that the isolated network design prevented any spread to governmental or external systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around late February 2024, the Assembleia Nacional began experiencing disruptions due to a cyber attack that had been active since the previous week. Technicians from the Assembleia Nacional, the Núcleo Operacional da Sociedade de Informação (NOSI), and a team from the Polícia Judiciária were mobilized to investigate the origin of the incident. The head of the Department of Communication and Information Security, Avelino Pires, confirmed that the attack was ransomware, a form of malicious software used by criminals to encrypt data. He stated that the ransomware had encrypted some servers located within a single segment of the parliamentary network.
The encryption affected only that network segment, leaving other segments untouched and preserving information stored elsewhere. Notably, the Primavera server, which is used for processing salaries, was among the systems that were impacted and later recovered. Servers hosting external organs of the Assembleia Nacional remained unaffected, resulting in no loss of information in those areas. Because the attack was confined to one segment, the overall data integrity of the network was largely maintained outside the compromised area.
The Department of Communication and Information Security launched an investigation process to determine the source and method of the ransomware infiltration. Avelino Pires assured that there is no risk of the infection spreading to networks external to the Assembleia Nacional, including the broader State network, as those networks operate independently. By the time of the report on 22 March 2024, officials characterized the situation as being under control while the investigative work continued.