Cyber Incident Victim: Tribunal Superior de Justicia de la Ciudad de México
Date: Aug 2024
Location: Mexico
Summary
The Mexico City Superior Court experienced a sophisticated cyberattack by the Mexican Mafia hacking group, compromising sensitive judicial systems through phishing campaigns and privilege escalation techniques. Attackers accessed judicial documents, personal data of judges and staff, and details of ongoing cases, creating risks of extortion and manipulation of legal proceedings. The breach threatens both individual privacy and institutional integrity, with perpetrators likely seeking financial gain or leverage over judicial outcomes. This incident underscores vulnerabilities in critical infrastructure security and highlights the operational impact of unauthorized data exposure within judicial entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 2, 2024, the Tribunal Superior de Justicia de la Ciudad de México (TSJCDMX) experienced a significant cyberattack attributed to the hacking group Mexican Mafia. The attackers executed a sophisticated campaign beginning with phishing operations targeting tribunal employees, successfully deceiving them into disclosing login credentials. Using these compromised credentials, the hackers performed privilege escalation maneuvers to penetrate deeper into restricted network segments. This lateral movement enabled unauthorized access to multiple critical systems storing judicial operations data. The intrusion involved malware deployment to maintain persistence within the infrastructure and facilitate undetected data exfiltration. Security weaknesses in the tribunal’s cyber defenses and insufficient employee awareness of digital threats contributed to the breach’s success.

The compromise exposed sensitive judicial documents, personal identification details of judges and staff members, and confidential information pertaining to active court cases. Evidence suggests attackers acquired specifics about ongoing legal proceedings, creating risks of extortion against involved parties or manipulation of judicial outcomes. Mexican Mafia issued unspecified demands, with security analysts speculating about potential financial ransom requests or concessions, with the stolen data used as leverage. The breach jeopardized individual privacy through exposed personal records and threatened institutional credibility by undermining public confidence in judicial data integrity. No operational disruptions to court functions were explicitly reported, but the incident highlighted systemic vulnerabilities in governmental cybersecurity preparedness, particularly for entities managing highly sensitive legal information.
