Cyber Incident Victim: Autoridade Portuária de Santos
Date:
Apr 2024
Location:
Brazil
Summary
The websites of the consumer protection agency and the port authority were taken offline after a cyberattack claimed by the hacker group Team R70, which identified an individual named Azael as responsible. The port authority said its security team was investigating the instability and found no evidence of data loss, while the city noted the site would remain unavailable until verification was completed and provided alternative contact methods for the consumer protection service.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On the afternoon of Thursday, April 4, 2024, the websites of the Procon de Santos and the Autoridade Portuária de Santos (APS) were taken offline after suffering a cyber‑attack. The hacker group Team R70 claimed responsibility for the intrusion, identifying one of its members as Azael, but did not disclose any motive for the action. The Prefeitura de Santos issued a statement confirming that it had immediately contacted the company responsible for maintaining the sites and that an investigation would be launched to determine the cause of the incident. According to the municipal notice, the sites would remain inaccessible until the verification process conducted by the contracted company was completed. By the morning of Friday, April 5, 2024, the Procon and APS pages were still not reachable, confirming the continued impact of the attack on the online services provided to the public.
The disruption prevented citizens from accessing the usual online channels for filing complaints, seeking consumer protection information, and completing port‑related procedures through the APS portal. In response, the Prefeitura de Santos reminded residents that they could still reach the Procon by telephone at 0800 779‑0151 or (13) 3219 9001, via email at [email protected], or in person at the Poupatempo office located on Rua João Pessoa, 246, operating from 9 a.m. to 4 p.m. Meanwhile, the APS reported that its internal cyber‑security team had detected an instability in the site and was actively working to verify the origin of the incident. The authority emphasized that, based on a preliminary analysis, there was no indication of data leakage or loss of any kind, and it pledged to disclose any suspicious activity should it be identified during the ongoing review.
The attack echoed a previous campaign by Team R70, which in November 2023 had targeted several federal institutions’ websites in protest over the handling of sexual‑harassment cases in academic settings, with the Federal University of São Paulo (Unifesp) among those affected. Although the group’s current statement did not reference a specific grievance, the pattern of claiming responsibility for disruptive actions against public‑sector online presences remained consistent. Throughout the incident, official communications focused on confirming the service outage, detailing the steps taken by municipal and port authorities to address the breach, and providing alternative means for the public to obtain necessary assistance while the sites remained under investigation.