Cyber Incident Victim: Prefeitura Municipal de Russas, Ceará
Date: Jan 2023
Location: Brazil
Summary
A cyber incident involving unauthorized access to the Brazilian government's webmail system resulted in the exfiltration of 845MB of data from the municipal administration, including sensitive documents such as medical certificates, identification records, vouchers, resumes, and registration forms. The attackers, identifying as GhostSec, claimed the breach was intended to expose inadequate security measures and publicly released the data without ransom demands. The affected entity had not issued any public notifications regarding the breach at the time of the disclosure, despite the attackers' assertion that they attempted to alert the organization via email to review their systems.
Description
On January 10, 2023, a group identifying as GhostSec announced on Telegram that they had compromised the Brazilian government’s webmail system (gov.br), specifically accessing data from the Prefeitura Municipal de Russas in Ceará. The group claimed to have exfiltrated 845MB of data, including medical certificates, vouchers, resumes, registration forms, personal identification documents, passport information, government receipts, and emails. GhostSec stated their initial motivation was to disrupt and humiliate the Brazilian government, referencing recent political protests and riots in the country. They publicly released the data without ransom demands, encouraging others to analyze it. The attackers reported finding no public acknowledgment of the breach on the municipality’s website or social media channels prior to their disclosure. GhostSec also claimed to have emailed the municipality to alert them about the breach and urged them to review their systems, though no response from the municipality was documented in the source material.

The compromised data exposed sensitive personal and administrative information, creating risks of identity theft, financial fraud, and reputational harm to affected individuals. The breach impacted municipal operations in Russas, though the specific duration of system unavailability or operational disruption was not detailed in the source. GhostSec’s disclosure highlighted vulnerabilities in the government’s webmail infrastructure, though the exact attack vector (e.g., phishing, software exploit) remained unspecified. No evidence indicated encryption of systems or ransom demands, distinguishing this incident from concurrent ransomware attacks like Hive’s breach of Centro Médico Virgen de la Caridad. The municipality did not issue public statements regarding the breach, mitigation efforts, or system restoration timelines as of the article’s publication date (January 13, 2023). The absence of confirmed containment actions or third-party investigations left the scope of the breach and remediation status unresolved in available reporting.
