© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Brazilian police arrests suspected Lapsus$ member


The alleged Lapsus$ hacker is suspected of carrying several cyberattacks against government institutions in Brazil.

The Federal Police of Brazil arrested a suspected member of the international Lapsus$ hacking group. Brazilian authorities claim that the arrest results from an operation dubbed Dark Cloud launched to investigate several cyberattacks against dozens of government bodies.

According to the statement by the Federal Police, authorities were alerted of a growing cybercrime problem after threat actors targeted the country’s Ministry of Health last year.

Brazil’s Ministry of Health was hit with a ransomware attack last year that disrupted the COVID-19 vaccine rollout in the South American country. Lapsus$ took responsibility for the attacks, threatening to delete the 50TB of stolen data if the ransom demand was not met.

Other Lapsus$ victims in Brazil include the Ministry of Economy, Federal Highway Police, the Comptroller General of the Union, and several private companies such as Empresa Brasileira de Correios e Telégrafos and Localiza Rent a Car.

“The crimes uncovered in the police investigation are criminal organization, unauthorized entry of a computer device, interruption or disturbance of telegraphic, radiotelegraphic or telephone service, preventing or hindering its restoration,” the statement said.

Last month, Everest ransomware group stole 3TB of sensitive data from the Brazilian government. A message on the group’s leak site said that the dataset included passports, CPF and RG numbers, tax documents, and other personal data.

The Lapsus$ extortion group made a considerable splash after bragging about attacks against Okta, Globant, Nvidia, and even Samsung. Not long after reports about hacking major companies came out, police in the UK arrested a 16-year-old from Oxford, who was living with his parents at the time of his arrest.

Experts say that Lapsus$ tactics include phone-based social engineering, SIM-swapping to facilitate account takeover, accessing personal email accounts of employees at target organizations, and even paying employees, suppliers, or business partners of target organizations for access to credentials and multifactor authentication (MFA) approval.


More from Cybernews:

Quantum computing developer: we know exactly how to scale

Nvidia graphics card can crack common passwords within milliseconds, experts warn

Apache Commons Text flaw is different from Log4Shell, experts say

East meets West: Russia wants industry to ditch Zoom, Skype, and WhatsApp

Cybersecurity is the “soft underbelly” of space networks, says US military Commander

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked