Bits ‘n Pieces (Trozos y Piezas)
Py: Personal Paraguay telecom victim of cyberattack
Personal Paraguay is a privately owned Paraguayan telecommunications company that offers services in cellular phones, internet, and television. On October 28, it posted a notice on its Facebook page announcing that some services had suffered inconveniences. Irate customers responded that it had already been three days and wanted to know when services would be restored. The next day, Personal Paraguay issued another notice on Facebook (translation):
“We have suffered a malicious attack by unscrupulous people on our computer system. Thanks to prevention procedures, services continue to operate, and although there are affectations, these are minimal. At no time have the main services, such as internet, mobile telephony and flow, stopped working, thanks to the security systems of the company. Officials of our company work intensively on the internal network, in the certainty that they will be reestablished as soon as possible.”
By November 2, another update indicated that they were still working to restore the affected services. They noted that the personal wallet platform had been proactively isolated from the incident in order to avoid any risk of affecting the integrity of the data and funds deposited in the e-money accounts.
According to their interview with the firm’s advisor, @GuachireM reported on Twitter that no information was taken in the attack, “that they only encrypted the management tool and that the users were proactively isolated.” He added, “On the other hand, the advisor explained that the BCP is aware of the case and that the attackers did not ask for any ransom.”
DataBreaches contacted Personal Paraguay on Monday via email and on Wednesday via its Facebook page, but received no replies via either method. Despite claims that wallets were protected, several users seem to have reported problems with Personal Paraguay’s personal wallet. It is also puzzling that the telecom reported that there was no ransom demand. Perhaps there was no demand because the telecom never responded to a note from the attackers? DataBreaches does not know whether that might be the case or not.
Lockbit 3.0 claims several victims in Latam
Lockbit 3.0 added a number of Latam entities to its leak site this week, but did not provide any proof packs to support its claims. As such, the following claims must be considered unconfirmed at this point unless the victims confirm them:
Cooperativa Antonio Vega Granados R.L. in Costa Rica was added to Lockbit’s site on October 30. Their website appeared to be briefly “under maintenance,” but is back online as of publication. Although they did not respond to DataBreaches’ email inquiries, they posted a statement on their Facebook page on November 2:
“In previous days, there was an alert of an attempt to breach the cooperative’s systems.
In addition to being unsuccessful, it has been considered mild and of low impact in terms of possible alteration of data or suspension of operations. From the moment our security system alerted about the incident, we have developed all the required protocols; in addition, we have been accompanied by advisors and high-level institutions that have supported the gradual resumption of operations, as required by security standards. This, we reiterate, is without any impact that endangers the stability of the cooperative.”
Sociedad Balbiana is an event and meetings venue in Spain. There is no indication on their website or social media accounts of any data security incident.
Macrotel, an IT solutions firm in Argentina, was also added to Lockbit’s site on October 30. Macrotel’s website gives no indication of any incident, and they have not responded to DataBreaches’ inquiries asking them to confirm or refute Lockbit’s claims. Although LockBit did not provide any proof with their claim, they claim to have acquired 16,428 files comprising 15 GB of data.
Fisco Saúde is a health insurance organization in Brazil. It was added to the Lockbit site on October 30. After initially issuing a notice on their site on October 26 that said (translated): “We inform that the computer systems have been unavailable, our technical team working on modifications to stabilize the system,” a later notice on November 1 disclosed that there had been a cyberattack on October 25 (translated):
“FISCO HEALTH suffered attempted cyber-attacks on its operating systems last Tuesday (10/25/2022).
Following monitoring, and once the situation was detected, teams were immediately deployed to combat the malicious initiative. We inform that a specialized team, both legal and technical, was hired to support Fisco Saúde in solving the problem. We continue to serve our affiliates and dependents through contingency actions, while all corrective measures are implemented”.
Fisco has not responded to inquiries from DataBreaches, and their notice does not identify LockBit as the attacker, although it seems likely.
Happmobi is a digital training program startup located in Brazil. A search of their website and social networks found no notification of any incident. Nor did Happmobi respond to an email inquiry asking them whether they had been breached as Lockbit alleges.
Es: Unidad Medica AngloAmericana hit by Vice Society
Unidad Medica AngloAmericana in Spain was added to Vice Society’s leak site this week. As is their usual pattern, Vice leaked data. In this case, the data includes what appears to be a lot of patient health data.
Finding no notice on Unidad’s website, we sent an email inquiry asking whether they have notified regulators and patients, but no reply has been received. Inquiries to Vice Society also received no reply.
Cl: ALMA Observatory suffers cyberattack
Atacama Large Millimeter Array (ALMA) Observatory, the largest astronomical project in the world, located in Chile, has been the target of a cyberattack, according to their Twitter account (translation):
ALMA services affected by cyberattack | Last Saturday, October 29, at 06:14, the ALMA observatory in Chile suffered a cyberattack on its computer systems, which forced the suspension of astronomical observations and its website.
— Observatorio ALMA (@ALMAObs_esp) November 2, 2022
DataBreaches sent an email to the observatory to request an update as their website appears to be offline. No reply was received by publication, but Bleeping Computer was able to obtain a statement from them.
It is not clear from their statement to Bleeping whether there has been any ransom demand, and no group has claimed responsibility for the attack as yet, so the type of attack and its purpose remain undisclosed at this time.
Some additional reporting and editing by Dissent