Cyber Incident Victim: Prefeitura de Ribeirão Bonito
Date:
Oct 2024
Location:
Brazil
Summary
A hacker known as P4R4ZYT3 conducted cyberattacks against Ribeirão Bonito's municipal council and city hall websites, initially compromising the council site to expose personal data of local officials accused of public works overbilling and fund diversion. Following authorities' lack of response, the attacker targeted the city hall's site, threatening to release purported evidence of misconduct on the Deep Web. Both websites were rendered inaccessible, with the hacker justifying the actions as a response to municipal silence regarding prior allegations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The incident began on the morning of October 20, 2024, when the official website of the Câmara Municipal de Ribeirão Bonito (Municipal Council) suffered a cyberattack attributed to a hacker using the alias P4R4ZYT3. The attacker compromised the council's website and exposed personal data of Mayor Carlos Caregaro and legislative assistant Cristiane Aparecida Fernandes Lima. P4R4ZYT3 publicly accused both individuals of involvement in a scheme involving overpriced public works contracts and embezzlement of public funds. The hacker claimed possession of email communications and WhatsApp conversations allegedly proving these irregularities, threatening to release these documents on the Deep Web in subsequent days. The compromised municipal council website remained offline following the attack but was temporarily restored by the morning of October 21. No official statements from Ribeirão Bonito authorities were reported during this initial phase, nor were any containment measures or forensic investigations disclosed in relation to the first breach.
On October 21, 2024, P4R4ZYT3 launched a second coordinated attack targeting both the recently restored Câmara Municipal website and the primary website of the Prefeitura de Ribeirão Bonito (City Hall). The hacker justified this escalation in a message to Região em Destake news outlet, citing municipal authorities' failure to respond to allegations raised during the initial attack as motivation. Both government portals (ribeiraobonito.sp.gov.br and cmrb.sp.gov.br) were rendered inaccessible, with their front pages displaying an attack notification containing the hacker's statement. P4R4ZYT3 reiterated possession of evidence regarding public works fraud and reinforced threats to publish documents on the Deep Web, signing the message with "A JANGADA AFUNDOU" ("The raft has sunk"). Municipal services relying on these web platforms were disrupted, though the full operational impact remained unquantified in available reports. As of the latest information, both websites remained offline with no public statements from city officials regarding incident response, restoration timelines, or investigations into the hacker's corruption allegations. The sequence demonstrates a pattern of escalating attacks targeting municipal digital infrastructure to pressure authorities regarding unaddressed corruption claims.