Cyber Incident Victim: Agência Nacional de Águas e Saneamento Básico
Date:
Sep 2023
Location:
Brazil
Summary
The Agência Nacional de Águas e Saneamento Básico experienced a cyberattack that prompted an immediate disconnection of external communications to contain the breach, rendering its systems inaccessible. Recovery efforts began with the gradual restoration of critical platforms, including drought and river monitoring tools, educational course catalogs, and metadata portals, prioritizing systems essential for water resource management. The agency is conducting ongoing security analyses and collaborating with other affected government entities and cybersecurity institutions to ensure a secure, phased return of remaining services while safeguarding user data and system integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 27, 2023, the Agência Nacional de Águas e Saneamento Básico (ANA) experienced a cyberattack that disrupted its operational systems. The agency immediately severed all external communications to isolate the attack and prevent further propagation, resulting in the complete unavailability of its digital platforms for public and internal use. This isolation measure formed the initial containment response, halting the attack but rendering ANA’s systems inaccessible for an extended period. Following the containment, ANA initiated a thorough analysis of its systems starting on the same day as the attack to assess the scope of the compromise and ensure security protocols were sufficient for eventual restoration. The analysis phase lasted seven days, during which no systems were operational, impacting the agency’s ability to provide hydrological monitoring data and other public services.
ANA began restoring systems on October 4, prioritizing critical water management tools. The first system reactivated was the Monitor de Secas (Drought Monitor), a platform for tracking drought conditions across Brazil, followed by the Ficha de Campo (Field Sheet) system, used for recording river and rainfall monitoring data. On October 5, ANA restored access to the catalog of training courses for the National Water Resources Management System (SINGREH) via its Education and Capacity Building Portal, alongside the Metadata Portal of the National Water Information System (SNIRH), which hosts hydrological datasets. The agency announced plans for a phased recovery of remaining systems, emphasizing security assessments before each restoration. Transversal systems like Hidro, a foundational platform for real-time river and rainfall monitoring, were prioritized for subsequent reactivation. ANA coordinated with other government entities that had recently faced cyberattacks and cybersecurity institutions to strengthen its response. No specific timeline was provided for full recovery, with restoration efforts expected to continue incrementally over subsequent weeks to ensure user and data security.