Chilean government warns of Black Basta ransomware attacks after customs incident


The government of Chile warned of ransomware attacks by a notorious gang of hackers after its customs department dealt with an incident on Tuesday.

Officials from the Servicio Nacional de Aduanas de Chile — the government department in charge of foreign trade, imports and more — said on Tuesday afternoon that they were able to prevent a cyberattack from progressing after discovering the incident.

“After detecting a security incident on our computer teams, we have taken all necessary preventive measures to not expose our computer teams and systems to potential vulnerabilities,” they said on several social media sites.

“All security measures and protocols established by the Computer Security Incident Response Team (CSIRT) of Ministerio del Interior y Seguridad Pública are already in place. Thanks to the work of our IT teams, this incident will not affect the operational continuity of the Service and we are taking all necessary measures to continue operating at the different control points in the country.”

In a follow-up message, the country’s Computer Security Incident Response Team (CSIRT) confirmed it was a ransomware attack and specified that the incident involved the Black Basta ransomware group — which has added dozens of new victims to its leak site this week.

The CSIRT warned all of the country’s government bodies that the ransomware was found “in a limited part of the digital infrastructure of the National Customs Service.”

They urged all government agencies to verify that backup copies of systems are protected and separated from the rest of the network. Agencies also need to audit the number of administrative accounts and more generally limit the number of people with administrative permissions.

They provided a range of other actions that should be taken as the government continues to monitor the network for any signs of further attack.

Chile has faced several cyberattacks and ransomware incidents in the last year. The CSIRT said last August that an unnamed government agency was affected by the ransomware campaign targeting Microsoft tools and VMware ESXi servers while their consumer protection agency announced that it too was hit with ransomware in April 2022.

The country’s Atacama Large Millimeter Array — one of the world’s largest astronomical observatories — was also hit with a cyberattack last year. While never confirmed, a ransomware gang leaked documents stolen from Chile’s military in June.

The attack comes as U.S. officials are set to convene a ransomware task force later this month populated with representatives from 45 countries. Senior Biden administration officials want the countries to pledge never to pay ransoms associated with ransomware attacks.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Exclusive: Ukraine says joint mission with US derailed Moscow’s cyberattacks

Next Post

Pro-Ukraine group says it took down Trigona ransomware website

Related Posts

Third-Party Cyber Attacks: The Threat No One Sees Coming – Here’s How to Stop Them

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising
Read More