Bits ‘n Pieces (Trozos y Piezas)
Es-CT: Update on Consorci Sanitari Integral Attack by RansomExx
Last week, DataBreaches reported an attack on the Consorci Sanitari Integral (CSI) system of hospitals and health centers in Catalonia. Since then, RansomExx claimed responsibility for the attack and claims to have 54 GB of files that include DNI and medical information of patients and employees.
On October 11, CSI issued a statement on the incident. They confirmed the compromise of data and have taken steps to restore systems and alert people to the risk of impersonations. They write, in part (translation):
The Cybersecurity Agency of Catalonia is already working to minimize the impact of the publication of the data.
The CSI will exercise all legal actions within its reach with respect to those responsible for any misuse or disclosure of information that goes against the confidentiality of the information affected by the cyberattack.
DataBreaches.net has sent several emails to CSI, but they bounced back.
Br: Government Access Offered for Sale by Everest
Everest team is offering government access for sale. In this case, they offer access to the https://www.rs.gov.br network, which appears to be the state government site for Rio Grande do Sul.
When asked by DataBreaches, Everest stated that the price is $10,000.00
Attempts to find an email address or a working contact form to contact the government were unsuccessful. The relevant contact form said “under maintenance,” and there is no way to send them a private message via their Twitter account. DataBreaches hopes that the government is aware of the sales listing and is reviewing their security.
CR: Municipality of Belen Victim of Attack Claimed by Karakurt
The municipality of Belen Costa Rica, has communicated the following (machine translated):
At 10:30 A.M today, Tuesday, October 11, 2022, we received a notification from the Ministry of Science and Technology (MICIT); where we are instructed to verify internally the institution because apparently we have been breached by a cyber attack by a group that claims to have hacked information from the Municipality of Belen in Costa Rica.
Allegedly stealing 373 GB of your data, so far, the group has not published any data that compromises the information of the institution or any of our users.
Since the alert was issued, the institution is conducting investigations with the contracts that currently support us, plus the support of MICITT.
For your security and that of all users, we will temporarily disable all online services provided by the institution.
As soon as we have information, we will inform you.
Karakurt threat actors claim responsibility for this attack and describe the files as corporate data “which include PDF and excel documents, real estate images, invoices, graphs, drawings of new buildings, videos from detentions and registration of protocols and much more others.”
The municipality has issued small updates:
As a security measure, the customer service unit will not be receiving e-mails and if you need to make a transaction you must do it in person.
They also issued a press release on October 12 that indicated they were still investigating the claimed attack.
The administration informs the population that public services will be maintained as normal for the tranquility of the community; for the safety of all users, all online services have been temporarily disabled.
When contacted, the municipality did not provide any additional details. DataBreaches was unable to contact Karakurt.
Co: Attack on Emtelco Claimed by Qilin
Emtelco.com.co S.A is a Colombian customer experience firm & BPO.
Threat actors called Qilin claim to have hundreds of gigabytes from this firm that they acquired in August. A small proof pack and directory screencap appear on the leak site. Qilin says they will post data until someone decides to buy it.
DataBreaches saw very little personal information in the proof pack, but there were many indications that emtelco files were involved. Emtelco did not reply to an email inquiry from DataBreaches asking them to confirm or deny any breach. Nor did we see any notification on their website or social network about any breach.
Br: Attack on Fashion Retailer Lojas Torra Claimed by Qilin
Emtelco was not the only company added to the Qilin leaks site. They also added Lojas Torra, a fashion retailer in Brazil. Qilin claims to have acquired the data on September 7, writing, “We have all the data of customers and employees and we are ready to share them with you.” A small proof pack was provided.
Both Emtelco and Lojas Torra were added to Qilin’s leak site on October 8.
Lojas Torra did not respond to an email inquiry from DataBreaches, and there is no disclosure on their website about any breach.
Qilin is believed to be connected to distribution of Agenda ransomware, as first reported by Trend Micro in August.
Editing and some additional content by Dissent.