Cyber Incident Victim: Cape Verde State Private Technology Network

The cyber attack on Cape Verde's State Private Technology Network (RTPE) occurred at dawn on November 26, 2020, disrupting critical government infrastructure. The incident blocked the entire authentication structure, preventing standard access protocols, and impaired some systems responsible for providing online public services. This disruption hindered routine operations dependent on RTPE, though the specific duration of the outage was not detailed in public statements. The attack’s technical mechanism remained unspecified in available reports, but its impact centered on disabling core authentication functions essential for system access. No initial claims of responsibility or explicit motives were disclosed by attackers in the immediate aftermath. Government officials did not immediately characterize the incident as ransomware-related during initial public communications, focusing instead on operational impacts. The disruption demonstrated vulnerabilities in the network’s authentication framework, though the full technical scope of compromised systems was not elaborated. Service interruptions affected citizens and businesses relying on the targeted online platforms, though granular details about specific sectors or services were absent from official remarks. The timing at dawn suggested potential coordination to maximize disruption during low-activity periods.

Finance Minister Olavo Correia addressed the incident on November 26, confirming recovery efforts were underway but declining to verify any ransom demands. When questioned by journalists about potential hacker ransom requests, Correia stated he lacked information about such demands, emphasizing service restoration as the priority. He noted that state criminal investigation services had assumed responsibility for examining the attack’s legal dimensions, though no specifics about investigative methods or international cooperation were provided. The government’s public response focused on operational recovery rather than technical attribution or negotiation status with threat actors. No data theft or exfiltration claims were acknowledged in ministerial comments, concentrating instead on authentication and service availability impacts. Recovery timelines remained undefined in initial statements, with restoration work described as ongoing at the time of Correia’s remarks. The absence of confirmed ransom demands contrasted with typical cyber extortion patterns, leaving the attackers’ precise objectives unverified through official channels. Public communications maintained a procedural tone regarding criminal inquiries without disclosing forensic findings or suspected actor profiles. The incident remained under active investigation by domestic authorities as restoration continued, with no subsequent updates disclosed within the immediate aftermath period covered by available reporting.