Cyber Incident Victim: Unidas
Date:
Nov 2025
Location:
Brazil
Summary
Unidas experienced a cyber attack that compromised its television communication system, affecting more than 250 devices including TVs, IoT equipment and servers and marking the second incident targeting its digital assets in that area. The attacker, identifying as the Turkish‑language hacktivist group NexusQassamy, displayed on the compromised screens a message accusing Israel of genocide in Gaza, accompanied by images of injured civilians and a label calling the Israeli prime minister a baby killer, along with the group’s signature and a call for global awareness. An anonymous source told the reporting outlet that the company lacks a security team and leadership support, leaving it unable to defend against or respond to such intrusions. The group claimed responsibility via its Telegram channel, where it had previously posted statements about the rise of Islam and Sharia. The company, a Brazilian mobility firm integrated with Brookfield that provides vehicle management and rental services for individuals and businesses, did not deny the incident but declined to comment.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The incident was reported on 1 April 2025 when a cyber attack manifested on the televisions of Unidas’s communication TV system. The attacking group was identified as NexusQassamy, a Turkish‑language hacktivist collective. According to a post on the group’s Telegram channel dated 19 February 2025, the operations began on that date. The attackers displayed a message on the compromised TVs that accused the Israeli government of genocide in Gaza. The upper third of the message showed images of an injured baby, an injured civilian and the face of the Israeli prime minister labeled “baby killer”. The lower two‑thirds bore the title “HACKED BY NEXUSQASSAMY” and the text “Gaza is being subject to genocide by Israel, babies are dying, no one is doing anything, when will the world wake up, babies are dying.”
The attack affected more than 250 devices, including televisions, IoT devices and servers within Unidas’s infrastructure. This marked the second time that Unidas’s digital assets in that area had been targeted by a cyber incident. An anonymous message forwarded to CISO Advisor stated that the company lacked a dedicated security team and that the board of directors did not prioritize security. The message added that Unidas had been invaded twice and felt unable to respond, citing the absence of any defensive barriers. It also noted that the organization was attempting to cope with the situation using whatever resources were available. Unidas’ communications management did not deny the incident but told CISO Advisor that it preferred not to comment on the matter.
No further details about containment, eradication or recovery actions were disclosed in the source material. The anonymous message indicated that the company was trying to manage the incident with the limited means at its disposal. Unidas did not provide any public statement or technical description of the response beyond its preference not to comment. Consequently, the narrative of the incident is limited to the reported scope, the attacker’s actions and the internal remarks about security posture.