Bits ‘n Pieces (Trozos y Piezas)
ES: Half a million taxpayers and 50,000 police have their information stolen by attackers
El Economista reports the General Council of the Judiciary (CGPJ) suffered a cyberattack on its Punto Neutro Judicial (PNJ) platform that connects judicial bodies with other government agencies, including the National Police Force, the Attorney General’s Office, and the General Secretariat of Penitentiary Institutions.
DataBreaches sent an email inquiry on November 7 but received no reply. An email was also sent to Spain’s regulator, AEPD, asking if they had been notified. No reply was received from them, either, but on November 8, the CGPJ announced the cyberattack that they had detected in October.
Their statement indicates that the attackers used the PNJ platform to gain access to other public government institutions, but that no data relating to judicial proceedings or other information held by the courts and tribunals had been compromised. Relevant agencies were notified as was the AEPD.
On November 11, El Hacker reported that attackers were able to hit the Treasury Information Services and exfiltrated information on half a million Spanish taxpayers. They were also able to access the General Police Directorate and obtained the personal information of 50,000 police officers.
CGPJ’s statement does not indicate who the attackers are or whether there was any ransom being negotiated. DataBreaches has not spotted this incident on any dedicated leak site by the time of this publication.
ES: Seville Urban Transportation affected by cyberattack
On November 8, the Seville Urban Transport Company (TUSSAM) disclosed it had been the target of a cyber attack on November 6 and that both the mobile application and the information panels at bus stops were disabled as a result.
Viva Sevilla reports the company disconnected all systems and equipment to analyze them for malware and to prevent any malware from replicating when systems were switched back on.
According to the company, the attackers did not access or acquire private customer data or the company’s own operational data. “In this sense,” the paper reported, “the movement of buses on the street was not affected by resorting to using manual means, which guaranteed at all times the provision of public service.”
A tweet on November 10 informed the public that while screens at some bus stops were already restored as servers progressively recover, they could not say when the app would be operational again.
Good afternoon. We are trying to work as quickly as possible, but it is not known for certain when the AppTussam may be operational again. The TIC screens at the stops are already operational (not all of them) because the servers are recovering progressively.
— CORTES Y DESVÍOS TUSSAM (NO OFICIAL) UseMascarilla (@cortes_tussam) November 10, 2022
TUSSAM did not reply to any email inquiry seeking additional details. There was no public mention of any ransom demand or any negotiations.
ES: Security incident affecting Orange telecom customers
A cyberattack on a debt collection provider used by Orange has breached some customers’ personal information. Orange’s press release informs customers (translation):
…. This has resulted in sensitive information (name, surname, postal address, telephone number, e-mail address, ID card number, date of birth, nationality and IBAN code of the current account) of a limited number of its customers being exposed.
The provider’s name was not disclosed in the release, and Orange did not reply to an email inquiry sent to them.
As of publication time, DataBreaches has found no listing on any dark web leak site that might relate to this incident.
MX: SICT reports that there was no damage to internal systems and no data breach
As previously reported on DataBreaches, the Secretariat of Infrastructure, Communications and Transportation (SICT) was the victim of a cyberattack discovered on October 24, but it reportedly did not damage the agency’s systems, nor was citizens’ data compromised.
Processing of certain applications and documents has been suspended until December 31, but without penalty to those who cannot apply for new papers or renewals.
Following the cyber-attack at the end of October, Jorge Nuño, head of the SICT’s office, explained that only 110 computers, out of a total of 11,000, were attacked with ransomware. The type of ransomware was not revealed and SICT did not respond to an inquiry from DataBreaches.
GT: Customs Service APM terminals affected by cyberattack by Hive
In September, DataBreaches reported a ransomware attack on Guatemala’s Ministry of Foreign Affairs. On October 18, the Guatemalan Customs Service confirmed failures in the computer systems of APM Terminals and that a contingency program was being activated.
Prensa Libre reported technical problems in the systems of APM Terminals Quetzal in Escuintla, but the operations of loading and unloading of goods were being maintained.
“We have been informed that there are failures in the system, which the authorities of that terminal inform us that they are taking care of them to reestablish it and provide the service as it corresponds”.
No mention had been made of any ransomware or ransom demands, but on November 8, the Hive threat actors listed “TCQ”, Quetzal Container Terminal, on their dedicated leak site. Hive claims to have exfiltrated 5GB of an Oracle database with backup.
Neither APM’s portal nor their Facebook page makes any direct mention of any cyber attack, but the portal describes the alternate procedures currently in effect.
Edited by Dissent