Cyber Incident Victim: Comuna de San Agustín
Date:
Mar 2024
Location:
Argentina
Summary
The Comuna de San Agustín in Santa Fe, Argentina, experienced a cyberattack resulting in unauthorized transfers totaling approximately 20 million pesos from its central account, executed through four transactions. The intrusion was detected upon resuming operations, prompting immediate reporting to local law enforcement, the bank, and prosecutors. Stolen funds were intended for supplier payments and salaries, raising concerns over potential financial strain affecting wage disbursements, public works, and essential community services if unrecovered. Authorities are collaborating with cybersecurity experts to investigate the incident and enhance security measures to prevent future breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday, March 29, 2024, unidentified attackers executed a cyber intrusion against the Comuna de San Agustín in Santa Fe Province, Argentina, resulting in the theft of 20 million Argentine pesos (approximately 19 million pesos according to the institution’s estimate) from its central bank account. The attackers conducted four separate unauthorized transfers of 4.9 million pesos each, draining the account. Two additional attempted transfers failed due to insufficient remaining funds. The breach went undetected until Monday, April 1, when administrative staff resumed operations and identified the discrepancy. Comunal President Cristian Osta immediately filed a criminal report with the local police, notified the Banco de la Provincia de Santa Fe (NBSF SA) branch in Franck where the funds were held, and alerted the Fiscalía (prosecutor’s office) and the Policía de Investigaciones (PDI). Financial records confirmed the illicit transfers occurred during non-business hours, exploiting the weekend operational gap.
The stolen funds were earmarked for supplier payments, salaries, public works, and essential community services, creating immediate financial instability. Osta emphasized the Comuna’s obligation to meet payroll and vendor commitments despite the loss, warning of potential disruptions to planned infrastructure projects and municipal services if recovery efforts failed. The Comuna initiated collaborative investigations with cybersecurity experts and law enforcement to trace the transactions and identify perpetrators, while simultaneously reviewing internal digital security protocols. Public communication via an April 1 Facebook post acknowledged the attack’s severity and its threat to operational continuity, pledging transparency and strengthened defenses. No ransomware or data exfiltration claims were reported, with the incident confined to financial theft. As of the latest reports, no arrests or fund recoveries had been confirmed, leaving the municipality reliant on procedural interventions with the bank and judicial authorities to mitigate the fiscal damage.