Members of the Lapsus$ group, who claimed to have invaded cloud resources of the Ministry of Health, yesterday started dumping material allegedly obtained in this invasion on the web. The group published on its Telegram channel a compressed file of 293 MB, containing 16,847 items (between files and directory entries), totaling 580.5 MB. The group also announced yesterday that it will dump another 10MB, without however saying when that will happen. In a communication with the CISO Advisor, the group claimed that it had access to Ministry resources approximately a week before the invasion was announced. Access to vCenter Server, the message states, gave the group free access to the administration of the agency’s cloud resources and virtual machines.
The name of the file offered for download, compressed in RAR format, is “gitlab-app-saudegovbr”. The name is very suggestive: it indicates that it contains application development material (not necessarily from mobile devices) from the Ministry. GitLab is the company that maintains the GitLab platform, from software development operations (to also protect and operate the software at least in testing).
The content consists of a huge amount of scripts written in Java, few data tables and apparently none related to citizens. The largest of all apparently lists vaccination posts spread across Brazil.