Ransomware victim disclosure
← All victimsSIAPE (Sistema Integrado de Administração de Pessoal e Folha de Pagamento)
listed as www.siapenet.gov.br · Claimed by Apt73 · listed 2 years ago
Status timeline
- ListedDec 3, 2024
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- Brazil
- Sector
- Government
- Listed on leak site
- Dec 3, 2024
About the victim
AI dossier — public-source company profileSIAPE is Brazil's integrated federal civil service personnel and payroll administration system, responsible for processing remuneration of federal civil servants under the Unified Legal Framework (Law 8,112/90) and CLT employment regulations. It is operated by the Brazilian federal government.
- Industry
- Government Administration & Public Service
- Address
- Brasília, Brazil
Attack summary
Severity: critical — Exfiltration of federal government payroll and personnel data affecting civil servants constitutes compromise of sensitive government administrative systems and exposure of PII at national scale.APT73 claims to have compromised the SIAPE system and exfiltrated sensitive payroll and personnel data affecting Brazilian federal civil servants. The group has published the breach announcement but provided limited technical proof details in the available excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Federal civil servant payroll records
- Personnel administration data
- Salary and remuneration information
- Employment records under Law 8,112/90
What the group claims
Today, SIAPE processes the remuneration of civil servants, regulated both by the uniform federal legal regime (Law 8,112/90) and by the CLT and oth...
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

