Cyber Incident Victim: Brazilian National Treasury
Date: Aug 2021
Location: Brazil
Summary
The Brazilian National Treasury suffered a ransomware attack, prompting immediate containment measures by the Ministry of Economy. Initial assessments confirmed no damage to core systems managing public debt administration, and operations of the Tesouro Direto government bond platform remained unaffected. Security specialists from the Treasury and the Digital Government Secretariat, alongside the Federal Police, analyzed the incident's impact. This attack followed a prior significant cyber incident against another major Brazilian government institution, which had caused extensive operational disruptions. The government had recently established a cyberattack response network to enhance coordination across federal bodies, with the Digital Government Secretariat playing a central role in this initiative.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 13, 2021, the Brazilian National Treasury suffered a ransomware attack, prompting an official statement from the Ministry of Economy. Immediate containment measures were implemented to limit the cyberattack’s impact, though specific technical details of these actions were not disclosed. Preliminary assessments confirmed no compromise to core structuring systems, including platforms critical to public debt administration. Security teams from the National Treasury and the Digital Government Secretariat (DGS) initiated forensic analyses to evaluate the attack’s full scope and consequences. The Federal Police was formally notified to support investigations, reflecting the incident’s severity. The Ministry committed to providing further updates transparently as the situation evolved, though no timeline for resolution was specified.

The attack did not disrupt Tesouro Direto, a retail government bond platform, as confirmed by a joint announcement from the National Treasury and the Brazilian Stock Exchange on August 16. This assurance aimed to mitigate public concern over financial system stability. The incident followed a November 2020 cyberattack against Brazil’s Superior Electoral Court, which had paralyzed operations for over two weeks—the most extensive recorded assault on a Brazilian public institution at that time. In July 2021, the federal government had established a coordinated cyberattack response network to accelerate threat mitigation across over 200 federal bodies. The DGS, central to this initiative through its management of the federal IT resource system (SISP), led the Treasury incident analysis alongside internal specialists. No ransomware variant, attribution, or explicit ransom demands were disclosed in available reports.
