Cyber Incident Victim: Empresas Municipales de Cali
Date: Jun 2024
Location: Colombia
Summary
A public utility in Cali successfully contained a cyberattack targeting its commercial, billing, and information systems within two hours of detection. The incident, occurring during a holiday period, prompted immediate isolation of affected infrastructure to prevent propagation, though latent threats remained during system reconnection phases. Technical teams dedicated over 35 hours to securing and restoring operations, with attackers suspected of attempting to disrupt commercial applications for extortion purposes. While acknowledging prior similar incidents, the organization emphasized its trained response capabilities and ongoing digital security enhancement initiatives to safeguard critical services.
Description
On the morning of Sunday, June 9, 2024, Emcali (Empresas Municipales de Cali) experienced a cyberattack targeting its commercial, billing, and information systems. The incident began at approximately 9:30 a.m. while many residents were observing a holiday weekend. Roger Mina, Emcali's manager, stated the attack primarily focused on systems supporting commercial operations, with attackers likely attempting to block critical applications to extort the organization. The company's Information Technology Management team detected the intrusion and initiated containment protocols immediately. They successfully isolated affected systems to prevent lateral movement across Emcali's network infrastructure. Within two hours of the attack's initiation, technicians had blocked and neutralized the primary threat vectors.

Despite rapid containment, technical teams required over 35 consecutive hours to fully secure and restore operational integrity to all systems. Mina emphasized ongoing latent threats necessitated sustained vigilance, particularly during system reconnection phases where residual risks remained. While Emcali had previously encountered cyber incidents, this event accelerated implementation of a dedicated project to strengthen digital security across all organizational platforms. Concurrently, Colombia's Minister of Information Technologies Mauricio Lizcano disclosed at the 2024 Banking Convention that the country had endured 20 billion cyberattacks during the first five months of 2024, highlighting systemic vulnerabilities. The financial sector remained a frequent target, though Lizcano noted its comparatively advanced cybersecurity preparedness. These developments occurred alongside government initiatives like the Colombia PotencIA Digital strategy, which included a proposed $20 billion COP cybersecurity hub in Villamaría and specialized cybercrime reporting channels to bolster national defenses.
