Brazilian police arrest suspected Lapsus$ member

The alleged Lapsus$ hacker is suspected of carrying out several cyberattacks against government institutions in Brazil.

The Federal Police of Brazil have arrested a suspected member of the international Lapsus$ hacking group. Brazilian authorities say the arrest is the result of an operation dubbed Dark Cloud, launched to investigate several cyberattacks against dozens of government bodies.

According to the Federal Police statement, authorities were alerted to a growing cybercrime problem after threat actors targeted the country’s Ministry of Health last year.

Brazil’s Ministry of Health was hit by a ransomware attack last year that disrupted the COVID-19 vaccine rollout in the South American country. Lapsus$ claimed responsibility for the attack, threatening to delete the 50TB of stolen data if its ransom demand was not met.

Other Lapsus$ victims in Brazil include the Ministry of Economy, Federal Highway Police, the Comptroller General of the Union, and several private companies such as Empresa Brasileira de Correios e Telégrafos and Localiza Rent a Car.

“The crimes uncovered in the police investigation are criminal organization, unauthorized entry of a computer device, interruption or disturbance of telegraphic, radiotelegraphic or telephone service, preventing or hindering its restoration,” the statement said.

Last month, the Everest ransomware group stole 3TB of sensitive data from the Brazilian government. A message on the group’s leak site said the dataset included passports, CPF and RG numbers, tax documents, and other personal data.

The Lapsus$ extortion group made a considerable splash after bragging about attacks on Okta, Globant, Nvidia, and even Samsung. Not long after reports of these intrusions at major companies emerged, police in the UK arrested a 16-year-old from Oxford who was living with his parents at the time of his arrest.

Experts say that Lapsus$ tactics include phone-based social engineering, SIM-swapping to facilitate account takeover, accessing the personal email accounts of employees at target organizations, and even paying employees, suppliers, or business partners of target organizations for access to credentials and for approving multifactor authentication (MFA) prompts.