Guam officials said Saturday that multiple government websites may be affected by a cyber incident tied to a global vulnerability in cPanel, software used to manage website hosting. Emergency response operations were not affected, officials said.
The incident could affect how residents access online government information and services while officials assess whether any websites were disrupted, deleted or encrypted. Guam’s territorial government uses guam.gov sites for agency information, emergency notices and public services.
The Government of Guam said it is responding to a “widespread cyber incident” linked to a critical zero-day vulnerability affecting cPanel-hosted websites globally. Gov. Lou Leon Guerrero and Acting Gov. Joshua Tenorio ordered an immediate government-wide assessment of potentially affected agencies.
A check of guam.gov showed the main domain displaying a cPanel default error page telling the site owner to contact the hosting provider. The page cited possible IP address, server configuration or server-move issues. The display showed public-facing website disruption but did not indicate whether data was disrupted, deleted or encrypted.
Officials said preliminary information showed multiple guam.gov websites may be affected, but the full scope remained under investigation. Worst-case scenarios under review include possible data disruption, deletion or encryption consistent with ransomware-type activity, officials said.
Officials have not confirmed ransomware, data theft or a breach involving sensitive personal information.
The Office of Technology is leading response and recovery work with hosting partners to secure systems, assess integrity and restore services from backups where possible. Officials said patching and system hardening were being implemented across affected platforms.
The Mariana Regional Fusion Center, FBI, CISA and other federal partners have been notified. The government said the incident appears to be part of a broader global event affecting systems in multiple jurisdictions, suggesting the Guam activity may stem from opportunistic exploitation of a widely used website-hosting platform.
“At this time, there is no impact to emergency response operations,” officials said. The Guam Homeland Security and Office of Civil Defense website remained operational, and government services were continuing through alternate channels where needed.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
cPanel said Saturday it had issued updates for a flaw affecting its website-hosting software that could let an attacker bypass login protections on vulnerable systems.
The incident comes less than three months after Guam Homeland Security and the Office of Civil Defense held Exercise Black Hydra, a cybersecurity tabletop exercise involving territorial, federal and military partners and a simulated incident targeting government systems.
Guam has faced prior cyber disruptions, including a 2020 University of Guam malware attack that left several campus systems offline. The university said at the time that WebAdvisor, FAO Self-Service, CollegeNET, eTrieve, the help desk website and staff Eduroam remained unavailable after the attack.
The territory also has appeared in U.S. warnings about China-linked activity targeting critical infrastructure. In 2023, Microsoft said a group it calls Volt Typhoon had targeted critical infrastructure organizations in the United States, including Guam. U.S. and allied cybersecurity agencies later warned that Chinese state-sponsored actors were seeking to position themselves on U.S. infrastructure networks for possible disruptive or destructive attacks in a crisis. Officials have not linked the current GovGuam website incident to that activity.
As of the government’s Saturday update, the incident remained under investigation, with affected systems, restoration timing, data exposure, threat actor and any ransom demand still unconfirmed.
.jpg){kind=link}