Cyber Incident Victim: Happmobi
Date:
Oct 2022
Location:
Brazil
Summary
A Brazilian telecommunications company, Happmobi, was claimed as a victim by the Lockbit 3.0 ransomware group, though the claim lacked supporting evidence and remained unverified. The incident coincided with a wave of cyberattacks across Latin America, including disruptions to another telecom provider that experienced network outages and isolated its digital wallet platform to protect user funds, though some customers still reported issues. Multiple regional organizations faced operational impacts during this period, with some halting services entirely, though no ransom demands or responsible parties were confirmed in several cases.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Lockbit 3.0, a ransomware group, listed Happmobi (Brazil) among its claimed victims in late October 2022, alongside Cooperativa Antonio Vega Granados R.L. (Costa Rica), Sociedad Balbiana (Spain), Macrotel (Argentina), and Fisco Saéde (Brazil). The group did not provide proof-of-hack evidence (proof packs) to validate these claims, leaving their involvement unverified. Fisco Saéde and Villa Toro de Hisba (Brazil) separately reported cyberattacks occurring between October 25-28, 2022, but neither organization publicly attributed the incidents to Lockbit. No technical details, operational impacts, or data compromise specifics regarding Happmobi’s incident were disclosed in publicly available sources.
The broader regional context during this period included multiple disruptive cyberattacks. Personal Paraguay suffered a confirmed malicious attack starting around October 25, causing service disruptions to cellular, internet, and television systems, though core services remained operational due to preventative measures. The company isolated its e-wallet platform proactively to protect user funds and data integrity, though some customers reported wallet-related issues despite these assurances. ALMA Observatory (Chile) halted operations on October 29 following a cyberattack, with no ransom demand or claiming group identified. Lockbit’s unsubstantiated claims against Happmobi and others occurred amid this regional cluster of incidents, though no corroborating evidence linked Happmobi’s event to Lockbit or detailed its scope, detection methods, containment actions, or recovery timeline.