Cyber Incident Victim: Alcaldía de Medellín
Date:
Feb 2023
Location:
Colombia
Summary
A cyberattack targeted the integrated emergency and security system (SIESM) of Medellín's municipal administration, specifically affecting dispatch servers but not disrupting emergency call reception via the 123 hotline. The incident prevented case reporting within the system, which coordinates 11 agencies including police, fire services, and disaster risk management. Technical teams from multiple municipal entities collaborated to repel the attack using advanced protection systems, ensuring continued emergency response operations. Authorities launched an investigation with specialized police and prosecutors, calling the incident an attack on public safety. This occurred amid separate cybersecurity disruptions affecting other Colombian organizations, though no operational link was confirmed. Normal operations were restored following containment efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2023, the Alcaldía de Medellín reported a cyberattack targeting the dispatch servers of its Sistema Integrado de Emergencias y Seguridad (SIESM), an integrated platform coordinating 11 emergency and security agencies including the National Police, Fire Department, Disaster Risk Management Department, and the 123 emergency hotline. The incident occurred during the afternoon hours, with the origin remaining unidentified at the time of reporting. While the attack compromised the SIESM dispatch servers responsible for logging emergency reports, critical frontline operations—including the 123 emergency line’s ability to receive calls—remained functional throughout the incident. This selective disruption prevented newly reported emergencies from being formally registered in the system despite continued call reception, creating operational gaps in case documentation and coordination workflows. The municipal administration confirmed the attack was successfully contained and repelled on the same day through coordinated efforts involving engineers, specialists, and technicians from the Security and Coexistence Secretariat, the Empresa para la Seguridad y Soluciones Urbanas (ESU), and Empresas Públicas de Medellín (EPM).
Authorities attributed the mitigated impact to existing advanced technological safeguards and protective shields within SIESM’s infrastructure, which prevented full operational paralysis across the integrated agencies. By the conclusion of response activities, all security and emergency services in Medellín resumed normal operations, including complete functionality of the 123 emergency line’s case processing. The municipal government characterized the incident as an assault on public safety and initiated a joint investigation with the Metropolitan Police and the sectional Prosecutor’s Office to determine the attack’s origin and perpetrators. This incident occurred against a backdrop of heightened cyber threats in Colombia, notably following a separate January 22 attack on pharmaceutical company Audifarma that forced the shutdown of its physical and virtual servers, though no direct connection between the two events was established in available reporting. The Alcaldía emphasized no broader server compromise occurred beyond the SIESM dispatch systems, maintaining continuity of emergency response capabilities throughout the cyber incident.