Bruno Soares reports:
Companhia Paranaense de Energia (Copel) suffered cyber attacks last night that caused instability in part of its systems.
According to the company, the operation and protection systems detected the attacks and the security protocols were followed, with the suspension of the operation of its computerized environment to protect the integrity of the information. The full assessment of what happened is ongoing and necessary steps are being taken to restore normality.
Read more on AgenciaCMA. Attempts to connect to copel.com to determine if there was any statement about the incident timed out.
Update: COPEL was apparently attacked by DarkSide ransomware threat actors. The threat actors claim to have exfiltrated more than 1000 GB of data, including:
- CyberArk storage with clear-text passwords from all local and internet infrastructure
- Network maps & diagrams, backup schemes & schedules, domain zones for copel.com (internet) / copel.nt (intranet) domains, full AD info, dump of DC DB (ntds.tid)
- Phone numbers, emails, IDs and more personal data of employers and customers (firstly top management)
- NDA, some contracts and some finance information
- Detailed engineering schemes, plans, network switches
DataBreaches.net notes that while the threat actors claim to have the data, they have not posted any proof of having it.