Cyber Incident Victim: Legislatura CABA
Date:
Sep 2022
Location:
Argentina
Summary
A ransomware attack targeted the legislature of Buenos Aires, compromising internal operating systems and disabling WiFi connectivity. The incident prompted immediate measures to maintain parliamentary operations while restoration efforts commenced, including gradual reactivation of affected systems and collaboration with specialists. Law enforcement agencies were notified, though no ransomware group claimed responsibility. The legislature's website remained inaccessible during the initial recovery phase. This attack aligns with broader regional trends of ransomware incidents affecting government entities across Central and South America, including prior compromises of judicial and financial departments in neighboring countries.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The ransomware attack on the Legislatura de la Ciudad Autónoma de Buenos Aires (Legislature of Buenos Aires) began on September 11, 2022, compromising internal operating systems and disabling the building’s WiFi network. The legislature publicly disclosed the incident through official Twitter communications on September 12-13, confirming immediate operational disruptions. Parliamentary functions continued through implemented contingency measures, though specific technical details about the attack vector or encryption methods were not disclosed. By September 13 (Tuesday EST), restoration efforts were underway with plans to reactivate WiFi connectivity first, followed by gradual reinstatement of other affected systems. The legislature’s public website remained offline during this period, indicating persistent infrastructure impacts.
Technical teams collaborated with specialized cybersecurity experts to restore systems, though no estimated timeline for full recovery was provided. The incident was reported to multiple Argentine law enforcement agencies, though no investigative details were released. No ransomware group claimed responsibility, distinguishing it from contemporaneous attacks in Argentina’s Judiciary of Córdoba (August 2022) and Chile’s unnamed government agency (early September 2022). The attack occurred amid a regional surge in ransomware operations targeting public sector entities, including April 2022’s breach of Rio de Janeiro’s Secretary of State for Finance and Costa Rica’s government paralysis in May 2022. Legislative operations maintained continuity through unspecified procedural adaptations while restoration work continued.