Cyber Incident Victim: San José, Costa Rica

Earlieron Friday, visitors to the official YouTube channel of the Costa Rican presidency observed that the channel’s profile picture had been altered to display a logo bearing the word 'Strategy' followed by a bitcoin symbol. At the same time, the most recent videos that had been uploaded to the channel contained content related to cryptocurrency. The presidential office subsequently issued a statement clarifying that neither the logo nor the cryptocurrency‑related videos had been produced or authorized by the government. This unauthorized modification was the first visible indication that the account had been interfered with.

Later on the same day, the YouTube account of President Rodrigo Chaves became the target of an hours‑long cyber attack that temporarily removed it from government control. During the attack, the channel remained accessible to the public but was being manipulated by an external actor. In response, a team comprising experts from the president’s office, the science and technology ministry, and representatives from Google began working to identify and remediate the compromise. Their coordinated efforts succeeded in expelling the unauthorized presence and restoring the account’s normal configurations. By late Friday, the presidential YouTube channel was reported to have returned under full government oversight.

The presidential statement accompanying the restoration noted that no specifics were disclosed regarding the identity or affiliation of the party responsible for the cyber attack. It also indicated that, based on the information available at the time, there was no evidence to suggest that any sensitive or classified information had been accessed or exfiltrated during the incident. The Reuters coverage concluded that, while the service interruption was resolved, the underlying motives and tactics employed by the attackers remained unspecified.