Cyber Incident Victim: Sociedad Eléctrica Del Sur Oeste
Date: Apr 2023
Location: Peru
Summary
Sociedad Eléctrica Del Sur Oeste suffered a cyber attack that targeted its web system. The attack, which aimed to deny service, prompted the company to suspend all virtual services as a precautionary measure. This suspension impacted customer service, virtual channels, collections, and the virtual help desk. The company's general manager stated that while the attackers accessed the commercial system, a security system prevented them from capturing and retaining the company's information, which remained safeguarded.
Description
On the morning of Monday, April 17, 2023, Sociedad Eléctrica del Sur Oeste S.A. (SEAL), an electric supply company based in Arequipa, Peru, suffered a cyberattack. The incident began at approximately 04:00 local time. The initial assessment in the company's official communication indicated that the attack targeted the company's web system with the objective of causing a denial of service. This event prompted an immediate and significant operational response from the organization.

In reaction to the security incident, SEAL made the decision to proactively suspend all of its virtual services as a precautionary measure. This suspension was a containment action taken to prevent further potential damage and to allow specialists to work on a solution without ongoing interference. The specific services affected and consequently taken offline included the customer service area, all virtual channels, the collections department—including transactions with financial entities and agents—and the virtual mesa de partes, which is a formal document submission office. This widespread suspension effectively halted the company's public-facing digital operations.
The company's general manager, Paul Rodríguez, provided further details on the nature of the attack. He stated that the perpetrators of the cyberattack had attempted to hack and capture all of the company's information. Their intent, according to his statements, was to seize and retain data. However, he reported that the company's security systems were successful in preventing a comprehensive breach of its information reserves. Rodríguez clarified that the attackers were only able to gain access to the commercial section of the company's systems. He emphasized that the core information had been safeguarded and backed up, stating there was no problem with the security of the data itself, which remained protected.
SEAL's internal response team, consisting of its Information Technology specialists, was mobilized immediately following the detection of the attack. These specialists began working on diagnosing the issue, mitigating the immediate effects, and developing a solution to restore services. The company's public communications acknowledged the ongoing efforts to resolve the incident and to subsequently re-enable the disabled services. A definitive timeline for full restoration was not provided, with services stated to remain suspended until further notice, indicating the complexity of the recovery process.
The operational impact of the service suspension was direct and substantial for SEAL's customers and users. In response to the inability to access billing and payment systems, the company announced that all due dates for payments, deadlines for service disconnection due to non-payment, and other related time-sensitive administrative deadlines were officially suspended until the system could be fully restored. This policy was implemented to prevent customers from being penalized for late payments during a period when the company's primary payment channels were intentionally inoperable due to the cyber incident.
Public communication was a key component of SEAL's response strategy. On the same day as the attack, the company issued an official statement titled "Comunicado" through its Facebook social media channel. This statement formally notified all clients and the general public of the cyberattack, outlined the immediate impacts on services, detailed the suspension of payment deadlines, and informed the public that specialists were actively working on the problem. The communication also included an apology to users affected by what the company described as fortuitous events outside of its control. Furthermore, the statement sought to reassure the public regarding the security of their information, noting that all system information was public and was also duly backed up both physically and digitally, and archived with absolute security.
The incident did not result in a total information breach as the company's security measures were reportedly effective in protecting the majority of its data from being exfiltrated or compromised. The attack was characterized as having a primary goal of service denial, which was achieved through the necessary suspension of services, and a secondary, unsuccessful goal of information capture. The company's leadership expressed confidence that their data protection protocols had functioned as intended during the incident. The focus of the ongoing response remained on the technical restoration of services and the gradual return to normal operational capacity once the integrity and security of the systems could be assured.
