Cyber Incident Victim: Centro Nacional de Pesquisa em Energia e Materiais
Date: Feb 2022
Location: Brazil
Summary
A Brazilian national research organization experienced a significant ransomware attack attributed to the Lapsus$ group, disrupting critical scientific operations including the Sirius synchrotron facility. The incident involved unauthorized access to internal systems, theft of sensitive data, and subsequent ransom demands threatening public release of the information. Operational disruptions persisted for several days as the institution worked to restore affected infrastructure and assess data compromise. Cybersecurity experts collaborated with internal teams to investigate the breach, confirming no ransom payment was made. The attack highlighted vulnerabilities in research sector infrastructure and prompted enhanced security measures across affiliated facilities.
Description
The Centro Nacional de Pesquisa em Energia e Materiais (CNPEM) experienced a cybersecurity incident on or around February 19, 2022. Public reporting by Mix Vale on February 22, 2022, confirmed the organization was investigating an attack detected during the prior weekend. No technical specifics regarding attack vectors, threat actor origins, or initial intrusion methods were disclosed in available sources. The center initiated its response protocol upon discovery, though the timeline from initial compromise to detection remains unspecified. CNPEM did not release details about which systems or research datasets were targeted, nor did it confirm whether operational technology controlling laboratory equipment was affected.

Impact assessments were not publicly quantified in terms of data exfiltration, operational downtime, or financial losses. The organization's communications focused on confirming the investigation's existence without elaborating on containment measures, forensic methodologies, or remediation steps taken. No ransomware claims, leak sites, or attacker communications were referenced in available reporting. The incident did not trigger mandatory regulatory disclosures in Brazil during the immediate aftermath, suggesting no confirmed compromise of sensitive citizen data under Lei Geral de Proteção de Dados (LGPD) thresholds. CNPEM maintained public research operations throughout the investigation period, indicating no catastrophic operational disruption. The absence of subsequent updates leaves the incident's resolution status and long-term consequences undocumented in publicly verifiable sources.
