Brazilian government websites hit by network compromise
Incident
Summary
Hide ▲
Show ▼
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels, exposing public-sector infrastructure to downstream abuse. The compromise affected trusted .gov.br hosts and helped a PhantomEnigma phishing chain look legitimate. The event matters because a public-sector web estate was repurposed to support malicious delivery against banks and agencies.
Related Happenings
PhantomEnigma trusted-delivery phishing campaign abusing Brazilian government websites
Campaign
H score25
First: 16.07.2026 14:58
Last: 16.07.2026 14:58
Sources 1
How related:
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions.
About this happening:
The PhantomEnigma campaign abused more than 20 Brazilian government websites and compromised email infrastructure to route malware through trusted .gov.br links, incre...
PhantomEnigma trusted-delivery phishing campaign abusing Brazilian government websites
CampaignHow related: More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions.
About this happening: The PhantomEnigma campaign abused more than 20 Brazilian government websites and compromised email infrastructure to route malware through trusted .gov.br links, incre...
Timeline
-
16.07.2026 14:58 2 articles · 2h ago
PhantomEnigma hijacks more than 20 Brazilian government websites for malware delivery
Initial DisclosureThe PhantomEnigma campaign repurposed more than 20 Brazilian government websites as malware delivery channels, using fake police-themed lures, compromised mailboxes that passed SPF, DKIM, and DMARC, and compromised .gov.br or lookalike domains to guide victims to a malicious installer that loaded a patched Boostnote or other application with a modular index.js backdoor capable of collecting system data, maintaining persistence, executing JavaScript, and delivering second-stage payloads.
Show sources
- 20+ Hijacked Government Websites Became an Attack Channel — thehackernews.com — 16.07.2026 14:58
- 20+ Hijacked Government Websites Became an Attack Channel — thehackernews.com — 16.07.2026 14:58