The Brazilian population saw the State and its administration institutions suffer at least four security incidents during the month of November. These targeted attacks worry the public about the security of personal data. In addition, they also revived questions about the credibility of the government and its agencies.
The wording of the The Hack got in touch with Felipe Palhares, a lawyer focused on privacy and data protection, to assess the impact of these attacks on the state’s reputation. According to Palhares, state power and sovereignty are not impacted in these cases, but just like any entity that has ever suffered a cybercriminal attack, “regarding the information security aspects ”, were impacted.
“The biggest impact is related to the confidence that computer systems of Organs affected organs are not adequately prepared to deal with incidents of this nature, which are more and more constant ”, he explains. For the lawyer, it is difficult to know the motivation behind this wave of attacks on the government, which most “seem to have been focused on destabilize government agencies than obtaining financial gains ”.
Review the cases:
11/05 – Superior Court of Justice (STJ)
In the first week of last month, the Superior Court of Justice (STJ) was the victim of ransomware, which encrypted data and interrupted the trial of processes for a week. The ransomware RansomEXX, based on the old Defray777, infected more than 1,200 STJ servers.
After this attack, many sites linked to the Brazilian government went offline or unstable. However, we don’t know if this was caused by a cybercriminal attack or if the servers were shut down as a precaution.
The STJ’s work was interrupted for a week, only urgent trials were processed by the court’s board. On November 16, Minister Humberto Martins, president of the STJ, informed that the restore from backups had reached its final stage.
05/11 – Federal District Government
The Federal District Economy Secretariat also identified an attempted invasion of the Federal District government’s data system, GDFNet, on the same day as the STJ ransomware. The servers were taken down as a precaution for almost 24 hours.
11/15 – Superior Electoral Court (TSE)
The Superior Electoral Court (TSE), the body responsible for elections in Brazil, also suffered a series of attacks during the month of November. From Thursday (12) to Sunday (15), the day of the first round of municipal elections, the TSE website showed instability. Voters who needed to check where they were supposed to vote were forced to download the e-Título app, since consultation via the web was unavailable.
During the elections on Sunday (15), the TSE suffered a distributed denial of service (DDoS) attack what interrupted operation of the e-Title app. That same day there was a data leak from servers and court officials. The leak was confirmed by the minister and president of the TSE, Luís Roberto Barroso, but according to him were old data, up to 2010.
However, the PF investigation (inquiry opened on Monday, just after election Sunday) identified that in addition to old data, updated data were also accessed such as addresses and phone numbers of court officials and employees, until 2020.
On November 28, the Brazilian Federal Police (PF), in partnership with the Portuguese Judicial Police, arrested one of the suspects by the TSE data leak. According to the PF, the DDoS attack and data leak was organized by a group of cybercriminals, with members from São Paulo and Minas Gerais, but led by a member arrested in Portugal.
11/27 – Federal Regional Court of the 1st Region (TRF-1)
The Federal Regional Court of the 1st Region (TRF-1), responsible for federal justice processes in 13 Brazilian states, identified a cybercriminal attack on Friday (27). Official information on the case was not released. The court took down all its servers as a precaution. On the internet, a group claims to have stolen 4 of the 47 TRF-1 databases.
11/25 – Embraer
Embraer (although it is not state-owned, it was until 1994 and the government still owns 35% of its shares), reported that it suffered a cybercriminal attack. A few days later it was revealed that it was actually a ransomware infection, RansomEXX, the same that infected the STJ a few weeks ago.
In a note to investors, Embraer said that the attack was identified on November 25. But the note was only published five days later, on the 30th. Almost half a gigabyte of Embraer data were published on the dark web responsible group.
See the original post at: https://thehack.com.br/onda-de-ataques-ameaca-reputacao-do-estado-brasileiro-reveja-os-casos/?rand=48873