Cyber Incident Victim: Macon-Bibb County Government
Date:
May 2024
Location:
United States of America
Summary
A cyberattack targeted Macon-Bibb County, Georgia, prompting officials to take the government network offline as a containment measure upon discovery. The disruption affected municipal operations, causing unreliable access to email systems and landline phone services for government offices. County authorities engaged state and federal security agencies for assistance and implemented additional security measures during the investigation. While the nature of the incident was not explicitly confirmed as ransomware, the response mirrored recent similar incidents involving network shutdowns to mitigate threats. The county, serving approximately 150,000 residents, emphasized caution in its approach, aligning with broader advisories against ransom payments due to uncertainties in data recovery and system integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 6 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyberattack disrupted operations in Macon-Bibb County, Georgia, during the weekend preceding May 12, 2024. County officials detected a potential network breach and responded by taking their entire government network offline as a containment measure. This action occurred immediately upon discovery of the incident, though the exact detection method and initial intrusion vector were not publicly disclosed. The network shutdown caused significant operational disruptions, with government offices still unable to reliably access email accounts or landline telephone services by the following Monday. The county government, serving approximately 150,000 residents located 85 miles southeast of Atlanta, maintained network isolation while investigating the breach and implementing additional security measures.
County spokesperson Chris Floore confirmed the incident through an official statement but did not specify whether ransomware was involved, despite recent parallels to a cyberattack in Wichita, Kansas, where network shutdowns were similarly employed for containment. The county engaged with unspecified state and federal security agencies for guidance and technical assistance in their response. No details emerged regarding potential data compromise, operational timelines for restoration, or specific systems affected beyond the generalized network outage. The Cybersecurity and Infrastructure Security Agency's standard advisory against ransom payments was referenced in media coverage, though its applicability to this specific incident remained unconfirmed by county authorities. Government operations continued under constrained technological conditions while the investigation progressed.