Date: Oct 2015

Location: Brazil

Summary

Hackers defaced two domains belonging to a Brazilian research institute, leaving messages in Portuguese that questioned the government's cybersecurity preparedness and pointed to vulnerabilities that could enable foreign espionage, such as by the NSA. The attackers referenced broader corruption concerns, in line with concurrent hacktivist actions against the Brazilian conglomerate Odebrecht over its involvement in the Petrobras scandal, in which ProtonWave hackers demanded an end to corporate theft from citizens. Both incidents carried demands for institutional accountability, with the perpetrators framing their intrusions as protests against systemic corruption and inadequate digital protections. All affected sites were subsequently restored.


Description

On October 8, 2015, reports confirmed that hackers had compromised two domains belonging to the Brazilian Institute of Research and Development in Astronomy, Geophysics and Metrology of Time and Frequency (MCTI) in a defacement attack on the Sunday preceding the publication date. The targeted websites, intranet.on.br and euler.on.br, displayed a Portuguese-language message questioning the security of Brazil's cyber infrastructure. The attackers also embedded an English statement mocking the ease of the breach, suggesting it would take "5 min to break into the NSA" while implying broader vulnerabilities in national systems. Zone-h.org mirrors documented the defacements, which remained publicly accessible as proof of compromise. The hackers framed their actions as a critique of both inadequate governmental cybersecurity defenses and potential NSA surveillance capabilities against Brazilian citizens. No data exfiltration or prolonged system disruption was reported, and restoration was completed by the article's publication date.

This incident occurred amid broader hacktivist operations targeting Brazilian entities in late 2015. On September 10, a separate group identifying as ProtonWave defaced the website of Odebrecht, a major conglomerate implicated in the Petrobras corruption scandal, demanding the corporation "stop stealing from Brazilians." While operationally distinct from the MCTI breach, ProtonWave’s public statements similarly emphasized anti-corruption motives and support for Federal Police investigations under Operation Lava Jato. Both incidents reflected concurrent tensions regarding institutional trust, with attackers leveraging website defacements as symbolic protests rather than deploying destructive malware or ransomware. The restoration of all compromised websites concluded the immediate technical impacts, though no institutional security upgrades or law enforcement responses were detailed in available reports.
