Find notable cyber news and cases, enriched with sources, timelines, and signals.

Brazilian government websites hit by network compromise

Incident
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

More than 20 Brazilian government websites were hijacked and turned into malware delivery channels, exposing public-sector infrastructure to downstream abuse. The compromise affected trusted .gov.br hosts and helped a PhantomEnigma phishing chain look legitimate. The event matters because a public-sector web estate was repurposed to support malicious delivery against banks and agencies.

Related Happenings

PhantomEnigma trusted-delivery phishing campaign abusing Brazilian government websites

Campaign
H score25 First: 16.07.2026 14:58 Last: 16.07.2026 14:58 Sources 1

How related: More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions.

About this happening: The PhantomEnigma campaign abused more than 20 Brazilian government websites and compromised email infrastructure to route malware through trusted .gov.br links, incre...

Timeline

  1. 16.07.2026 14:58 2 articles · 2h ago

    PhantomEnigma hijacks more than 20 Brazilian government websites for malware delivery

    Initial Disclosure

    The PhantomEnigma campaign repurposed more than 20 Brazilian government websites as malware delivery channels, using fake police-themed lures, compromised mailboxes that passed SPF, DKIM, and DMARC, and compromised .gov.br or lookalike domains to guide victims to a malicious installer that loaded a patched Boostnote or other application with a modular index.js backdoor capable of collecting system data, maintaining persistence, executing JavaScript, and delivering second-stage payloads.

    Show sources