Everest ransomware group claims the stolen data includes passports, fingerprints, tax documents, and more.
Threat actors added the Government of Brazil to their leak site, claiming they got their hands on the access of gov.br network, a government services website. The website’s owner is Brazil’s federal government.
According to the message on Everest Group’s leak site, threat actors have stolen over 3TB of data. The dataset is said to include passports, CPF and RG numbers, tax documents, and other personal data.
CPF or Cadastro de Pessoas Físicas (Natural Persons Register) is an 11-digit tax number given to all residents of Brazil. RG or Registro Geral (General Registry) is the official identity document in Brazil.
The documents and databases associated with them contain names, surnames, addresses, dates of birth, and other sensitive information citizens need to provide to obtain federally recognized documents.
Threat actors included screenshots of Brazilian passports. However, the leak is not confirmed. Cybernews reached out to the government of Brazil, but we did not receive a reply before publishing this article.
Everest Group ransomware has been active since 2018 and has attacked the Brazilian government before. Last year cybercriminals attacked the National Treasury of Brazil.
Last year the Russian-speaking group was spotted for its ‘innovations’ on the double-extortion front. The group has been observed to sell access to the networks they’ve breached, additionally monetizing the hack.
Deep Web intelligence analysts at DarkFeed spotted that Everest was selling 3TB of data from the government of Brazil at the start of the month. However, at the time, the type of data the cybercriminals acquired was unclear.
That’s another tactic employed by Everest and other ransomware groups. Culprits sometimes avoid describing the victim or the stolen data, so the victim would pay the ransom under the threat of appearing on the group’s leak site.
More from Cybernews:
Subscribe to our newsletter