Cyber Incident Victim: Poder Judicial de Chile
Date: Sep 2022
Location: Chile
Summary
A cyberattack targeting the Chilean Judiciary involved the CryptoLocker malware, compromising 150 computers (approximately 1% of its network) running Windows 7 with McAfee antivirus. The malware encrypted files on affected devices, disrupting operations and forcing some court hearings to shift to mobile platforms. While critical judicial processing systems and emails remained unaffected, the incident prompted a criminal complaint and nationwide replacement of compromised equipment. This attack followed closely after a separate high-profile breach of military email systems, amplifying concerns over cybersecurity vulnerabilities within Chilean government institutions.
Description
On September 26, 2022, the Chilean Judiciary (Poder Judicial de Chile) experienced a ransomware attack affecting its computer systems. The attack began when a virus identified as CryptoLocker infected approximately 150 computers, representing 1% of the institution's 14,990-device network. The malware specifically targeted machines running Windows 7 operating systems with McAfee antivirus software installed, affecting 3,500 vulnerable devices across the network. Early that morning, the Judiciary's IT department issued an alert instructing employees to avoid opening emails or messages from suspicious sources and to be skeptical of internet offers. The malware propagated through the network, encrypting files on infected computers and rendering them inaccessible, though it did not compromise judicial case management systems or email servers.

The attack caused operational disruptions across multiple jurisdictions, including the Santiago Court of Appeals. Some judges resorted to conducting scheduled hearings via Zoom mobile applications due to computer inaccessibility. By midday, the IT Department of the Corporación Administrativa del Poder Judicial (CAPJ) conducted a nationwide scan confirming 150 compromised devices. Response measures included disconnecting affected computers from the network, replacing hardware, and changing antivirus software. Officials emphasized the malware only encrypted locally stored files rather than central judicial processing systems or the Virtual Judicial Office platform. The Judiciary filed a criminal complaint with Santiago's 7th Guarantee Court regarding the incident, though no perpetrator group was identified at the time. This incident occurred one week after the Guacamaya Group leaked 400,000 emails from Chile's Joint Chiefs of Staff (EMCO), revealing prior unaddressed vulnerabilities, and amid congressional discussions about establishing a National Cybersecurity Agency and Computer Security Incident Response Team (CSIRT Nacional).
