Bits ‘n Pieces (Trozos y Piezas)
ES: Secondary education center hit by Stormous
After several months out of the public eye, the pro-Russian Stormous Ransomware group reappeared in February. Now they have claimed an attack on a secondary education center, the Instituto De Educación Secundaria Ies Emilio Canalejo Olmeda (IESCO) in Cordoba, Spain. On March 30, Stormous listed the entity in their Telegram channel and claimed to have leaked 50% of the stolen data on their dark web leak site. When DataBreaches checked their leak site, we saw that Stormous has given IESCO 12 more days to contact them. The currently leaked data includes folders with names like Quality procedures, Quality fillable documents, Quality information, 2022-2023 course evaluations, and a self-protection plan. DataBreaches does not know if any of those include personal information on employees or students. No notice or statement could be found on IESCO’s website and no reply has been received to an email inquiry sent to them yesterday.
CO: LockBit leaks documents from Medellin government
DataBreaches previously reported that LockBit3.0 had claimed the Medellin government as a victim. This week, LockBit dumped some data. According to Muchohacker.lol, the leak includes: Information from the Police and the Fourth Brigade, Firefighters, among other entities. MuchoHacker.lol carried out a random review of documents and was able to verify that private and sensitive data of police officers, investigators and crime victims were observed among the documents. Likewise, it was possible to verify the publication of private medical data of citizens.
MX: Yucatan government announces cyberattack
Last Sunday, the Yucatan government announced that its central server was targeted in a cyberattack, but provided no details on the attack.
The newspaper Diario de Yucatan reports details of the suspended services: The Yucatan Drinking Water and Sewerage Board, according to the management, does not have the electronic collection service for receipts because the app is paralyzed by the computer attack. The Yucatan Ministry of Health is not attending, for now, the request or renewal of sanitary determinations, temporary authorization of events, payments of fines and rights for certification of export products and other contributions linked to the State Fiscal Administration Agency.
Editing by Dissent.
Bits ‘n Pieces (Trozos y Piezas)
CR: CONASSIF Hacked With Chinese Characters
El Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is involved with the Costa Rican financial system. On March 20, the Computer Security Incident Response Center (CSIRT-CR) on the website of the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), issued an alert involving the website of CONASSIF after the website was found to have been defaced. The alert states the following (translated): “For the population’s peace of mind, the CONASSIF informed that said page does not contain information of the entities they supervise and that it is outside the infrastructure of the Central Bank of Costa Rica (BCCR), since its content is merely informative about the regulation approved by the Council.” laNacion reports some details: “It was deactivated shortly after 9 a.m., when its content was usurped with designs written in Chinese characters, this newspaper confirmed from photographs of the screen which began to circulate in computer technician chat forums”. A Google translation of the Chinese message on the site said, “Use for illegal purposes, the author is not responsible for the consequences!” There has been no update on this incident from the CSIRT-CR. The CONASSIF page says it is under maintenance and will be back in three days. This appears to be a hack with defacement but CONASSIF hasn’t actually confirmed they were hacked. What they have said is that no personal or financial information would be involved because they don’t store any and are not connected to the national bank’s system for such data.
PA: Fabrega Molino leaked by BlackCat
Fabrega Molino is a Panamanian law firm that has reportedly been hacked and leaked by BlackCat. BlackCat claims to have 113GB of files from this firm, which was added to their site on March 18. BlackCat’s post does not indicate whether they locked the victim or just exfiltrated data.
The data leak includes some documents with personal information such as passports and a will. The firm did not reply to an inquiry from DataBreaches. Their statement on their website is lacking in any meaningful details on the type of information involved (translated) …. we detected an isolated security incident in one of our networks, which was contained and resolved immediately by our team of cybersecurity experts. Additionally, we inform you that we have proceeded to strengthen the protection and security measures of the Firm’s computer equipment, following the recommendations of our experts. There is also no mention of notifying individuals or any mitigation services. DataBreaches has received no reply to a second email inquiry sent to them about whether there was customer data stolen and leaked. DataBreaches has also asked BlackCat that question but has not received a reply.
MX: Vazquez Nava Consultores y Abogados, S.C Hit by Medusa
A Mexican firm of consultants and lawyers has been added to the Medusa leaks page with some proof of claim. Looking at the list of files, there are human resources data with personal information. On March 20, DataBreaches sent the firm an email seeking confirmation or denial of Medusa’s claims and additional details. They have not replied and there is no statement on their website about any incident.
UPDATE: Autoridad de Acueductos y Alcantarillados Attack was by Vice Society
Last week, DataBreaches reported that AAA had confirmed a cyberattack but would not be paying any ransom because no employee or customer data had been breached. That appears to have been inaccurate. Since then, Vice Society has added AAA to their leak site, and it is clear that there is personal data in there like passports and Social Security numbers.
Editing by Dissent
Bits ‘n Pieces (Trozos y Piezas)
ES: HLA Grupo Hospitalario data listed for sale after web server misconfiguration
On March 14, a forum user on BreachForums listed data from the HLA Grupo Hospitalario in Spain for sale. The listing advertised 45,000 patient records and information on 1,600 doctors, with samples provided of each. HLA Grupo Hospitalario is owned by Asisa, which has 18 hospitals and 17 centers located in different cities of Spain. In private messages, the forum user provided DataBreaches with additional details. They claim the data were obtained from a misconfigured web server on March 10 and that they are asking $300 for all of the data, but the price is “obv tradable” (negotiable). When contacted by Cronica Global, Asisa stated that they had activated a security alert and were studying the matter. However, they could not confirm the theft of data nor its supposed scope. DataBreaches sent an email inquiry to HLA Grupo Hospitalario asking for their response to the situation and claims, but received no reply.
CO: Schrader Camargo Named By LockBit
Schrader Camargo offers EPC (Engineering, Procurement and Construction) services. Their name was added as a claimed victim on the LockBit3.0 leaks page on March 11, with some samples. LockBit has not leaked data other than samples so far, but claims to have about 267GB of data. No notification of any incident appears on the firm’s website or on social networks, and there has been no reply to an email sent to them on March 16.
AR: CEOSP Suffers Cyberattack
La Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP) posted a notice yesterday on Facebook about an incident: In translation, the notice says, in part: We inform you that on Friday, March 17, the CEOSP will remain closed due to problems with our servers. The technical staff of the cooperative is working since Sunday morning to solve this situation as soon as possible. However, our claims guard will function normally.
In case of any electrical inconvenience you can call 452525. At the same time, we ask the community to make responsible use of electricity. We apologize for the inconvenience caused.
Media outlet Boscoproducciones obtained some details about the type of incident: “Martin Rigassi … said that after opening an email, a virus entered the entire computer system, all the computers that were hooked up. Because of this, from now on they cannot enter any machine and whoever is behind this (they still don’t know or can locate the IP) is asking them for money in exchange for returning all the files, all the information that our city’s electricity cooperative has had for years.” CEOSP has not replied to an email inquiry sent yesterday about the situation.
PR: Autoridad de Acueductos y Alcantarillados Confirms Ransomware Attack
Autoridad de Acueductos y Alcantarillados (AAA) is a public entity in charge of managing the quality, management and supply of drinking water in Puerto Rico. AAA has confirmed to Vocero that they suffered a ransomware attack on March 13. The attack has reportedly affected AAA’s electronic customer service systems. Arnaldo Jimenez Acevedo, Vice President of AAA’s strategic planning, said, “Certainly the agency suffered what is known as a cyberattack on Monday morning. Our system, a robust system, protected itself as part of the established processes and that happened around 6:37 in the morning.” There has been no statement about who the threat actor(s) are, but AAA has indicated it will not pay any ransom to restore access because there is no indication that employee or customer data has been affected.
Editing by Dissent.
Bits ‘n Pieces (Trozos y Piezas)
CL: BlackCat confirms attack on Fonasa
DataBreaches recently reported a malware attack on Chile’s National Health Fund (FONASA). There is an update to report: In a chat on Tox, BlackCat confirmed to DataBreaches that they are responsible for the attack and they say that they will announce it soon on their leaks page. A spokesperson for the group told DataBreaches that they are not giving Fonasa any more time to respond because they have not heard from them at all. As partial proof of their claims, they provided this site with some files. DataBreaches was shown a screenshot of a directory of files as well as some correspondence with the names, addresses, and city of Fonasa health beneficiaries. The correspondence below is a letter concerning a co-pay for services for a beneficiary: Other files provided to DataBreaches were from visit reports and included personal data of employees such as names, IDs, and signatures. Neither Fonasa nor CSIRT have provided any more details about this incident since reporting on the steps and legal action they initiated.
PE: Dark Power claims attack on Peruvian reconstruction agency
Autoridad para la Reconstrucción con Cambios (ARCC) is the Peruvian entity in charge of leading and implementing the Integral Plan for Reconstruction with Changes (PIRCC) of all the physical infrastructure damaged and destroyed by the El Niño Costero phenomenon in 13 regions of the country. This institution was listed on or about March 9 on a leak site of a new group called Dark Power. Unlike other groups, Dark Power invites people to contact them on Tox to download files, but they were not online whenever DataBreaches attempted to contact them. On March 9, DataBreaches sent an email to the RCC asking them about this incident. No reply was received. Because there was no notice on their website or social media, DataBreaches also alerted Peru’s National Center for Digital Security (CNSD) of the claimed attack and data offer.
CNSD thanked DataBreaches for the notification, writing, “Thank you for the information provided, we will coordinate with the affected entity, to provide attention to the reported security incident.”
EC: Data on vaccinated Ecuadorians offered for sale (Disputed)
A database called Covid-19 allegedly from the Ministry of Public Health in Ecuador has been listed for sale on a popular forum by KelvinSecurity. The March 5 listing claims the database contains these data fields: Year_v Month_v Day V Hour V Vaccination Point Unicode Establishment Zone District Province Canton Surnames Names Type Identification Number Document Sex Year Nac Month Nac Day Nac Nationality Conventional Telephone Cellular Telephone Email Population Vaccinate Vaccination Phase Name Vaccine Lot Dose Applied Was Scheduled Vaccinator Ced Vaccinator Name Enterer ID Enterer Had Covid Ethnic Self-identification Ethnic Nationality Kichwa Peoples Risk Group Exterior Vaccine Exterior Lot Exterior Dose Exterior Vaccine Date Exterior Country.
In a March 6 announcement on Twitter, the Ministry of Public Health of Ecuador appeared to deny any breach (translation): MSP confirms that there is no vulnerability to its computer systems The Ministry of Public Health (MSP) informs that, in relation to the publications generated on social networks about an alleged leak of the institution’s database, there is NO violation of its computer systems and, therefore, the information that is hosted on the technological infrastructure is protected in accordance with governmental and international regulations and the industry’s own computer protocols. We urge citizens not to be deceived with the delivery of information. The illegal disclosure of databases is sanctioned by the Comprehensive Organic Penal Code (COIP) as well as by the Organic Law for the Protection of Personal Data that regulates the confidentiality of data and that they are used for the purposes for which they were created.
This State portfolio maintains in force the strategies and mechanisms that guarantee the confidentiality, integrity and availability of information in strict adherence to the law. Government of Ecuador Guillermo Lasso PRESIDENT
So where does the government believe the data came from? Are they suggesting the data is fake? DataBreaches found real names associated with RUC in the sample data provided by KelvinSecurity but did not contact anyone to ask about their vaccination status. DataBreaches also reached out to KelvinSecurity to ask for their response to the government’s denial or for more information about how they acquired the data. They responded, “it is better that they continue to believe that than if I can negotiate the sale of the files.”
CO: Sensitive and exposed data from ICETEX
ICETEX is a Colombian entity that promotes higher education and facilitates access to educational opportunities offered by the international community to improve the quality of life of Colombians. An Icetex user who discovered a bug that exposes people’s data reported it to Icetex, but got no response. The user then reported the bug to muchohacker.lol to call attention to the problem and Icetex’s failure to address it. MuchoHacker.lol investigated the claimed vulnerability and reported: “MuchoHacker.lol verified that the warning is true and without any kind of technical or ‘hacked’ knowledge was able to access more than 10 documents with private and sensitive information such as ID, letters of recommendation from a person with the last name Figueroa are online. There you can read your personal data as well as the information of those who confirm that the Icetex user has been doing cultural work in the town of Suba, as well as Datacredito statements, letters from international universities, among others, which are just a click away.” According to the user who discovered the problem, there are 104,747 documents online without any type of protection.
Icetex responded by saying they were going to address the problem. It is not known for how long these data have been improperly secured or whether the data have been accessed by criminals.
Edited by Dissent.
Bits ‘n Pieces (Trozos y Piezas)
ES: Stormous claims attack on Zurcal
The Zurcal group, which belongs to the energy saving and efficiency sector, has been named by Stormous Ransomware in its Telegram channel. The attack was posted on February 24 with images showing invoices and plans. Stormous gave the victim one week to respond. In a subsequent post, Stormous added more proof and images, including one NIF (tax identification number). Zurcal has not posted any notice on its site or social media and has not replied to inquiries by DataBreaches.
BR: Ragnar_Locker indignantly responds to a victim’s claim of no data leakage
“AASP claim there was no data leakage!” Ragnar_Locker posted on February 22. AASP is the Associação de Advogados de São Paulo, an association of São Paulo lawyers. The association’s Twitter account had acknowledged an incident in a January 27 tweet, but denied any data exfiltration, a denial that they reiterated subsequently, claiming (translation): “We reiterate that no type of leakage of personal or institutional data has been detected,” and “We have full backup and it is important to highlight that personal and institutional information is encrypted, preventing data leakage.” (January 30 tweet). In response, the threat actors posted proof, including some items with personal information. AASP did not respond to inquiries by DataBreaches and posted nothing further about the attack. [Update: Shortly after publication, Ragnar_Locker posted an update to their leak site. They uploaded 200 GB of files from AASP plus numerous screenshots with personal information.]
CO: Hackers attack Fasecolda
La Federación de Aseguradores Colombianos (Fasecolda) is an association for Colombian insurers. Fasecolda was reportedly the target of hackers, but the attack was detected and staff disconnected systems with information on automobiles and Compulsory Traffic Accident Insurance (Soat). API reported that the containment schemes were effective in stopping the attack.
Fasecolda has not issued any updates since February 28.
MX: Investigation into cyberattack of Rosarito continues
On February 17, Rosarito’s city council experienced a cyberattack that resulted in hundreds of servers being infected. Citizens were affected because the attack made it impossible for them to pay property taxes and other municipal service fees for several days. The attack was reported to the State Attorney General’s office on February 24, and the municipality is still investigating this incident. No group has claimed responsibility for the attack and there has been no mention of any ransom demands.
Edited by Dissent.
Bits ‘n Pieces (Trozos y Piezas)
CO: The Red de Salud del Norte Joaquín Paz Borrero Hospital hit with ransomware
The Cali District Government has implemented its contingency plan due to a computer attack on Joaquín Paz Borrero Hospital. The hospital is part of the Northern Health Network. “They encrypt the information on server number 4 with passwords and leave us a message asking for a ransom for the information. They don’t talk about an amount, they talk about making contact with them in 72 hours, otherwise it will be more and more expensive to rescue this information”, explained Angie Gutiérrez, manager of ESE Norte. The government has not yet revealed what type of ransomware is involved or whether they made contact with the threat actors.
DO: Attack on Empresa Distribuidora Del Este Claimed by BlackCat
The Empresa Distribuidora Del Este (“EdeEste”), an electricity distribution firm, has been named on BlackCat’s leak site. The group claims to have 420 GB of information from the company that can be viewed at an onion link, but that URL is not online. EdeEste’s website is currently down and there is no announcement of any cyberattack on their social media. They have not replied to an email inquiry sent to them asking about the claimed attack.
CL: FONASA Says it has Overcome a Malware Incident
Chile’s National Health Fund (FONASA) is in charge of collecting, administering, and distributing state funds destined to health care in Chile. One of its functions is to finance the health benefits of its beneficiaries. FONASA has revealed that on February 17, it suffered a computer attack causing some minor interruptions and delays at its branches. Service at branches has since been restored. The interruptions were due to a malicious computer program that required them to isolate infected network devices. FONASA does not say this was a ransomware attack. This incident was reported to CSIRT (Chilean Government Information Security Incident Response Team).
A Security Alert on CSIRT’s site mentions two threats in Chile, one of which is the BlackCat Threat Group. The alert does not name any victims, but when DataBreaches asked BlackCat on Tox if they had attacked any Chilean entity, they answered, “No.” Since BlackCat is Ransomware-as-a-Service (RaaS), perhaps the spokesperson does not know every victim or what country they are in. Or perhaps FONASA was not a victim of BlackCat. DataBreaches has sent FONASA an inquiry as to whether this was a ransomware incident and if it involved BlackCat. This post will be updated if a reply is received.
BR: Âncora Sistemas de Fixação Leaked By Royal
Ancora, a company specializing in the manufacture and marketing of fasteners for civil construction, has been added to the Royal gang’s leak site. All of the data allegedly stolen from them (88 GB) was also uploaded to the site at the same time. As we have not seen any notification of this incident on their website or social networks, DataBreaches sent Ancora an email on February 20, asking if they have been attacked by Royal and if they are aware that their data has already been dumped on Royal’s website. There has been no reply.
AR: La Segunda Seguros Named By LockBit
La Segunda Seguros insurance company has been named by LockBit on its leaks site with some samples as proof of claims. The firm offers various types of insurance products, and some of the data may be personal information, such as a file with a medical opinion and information on a work-related injury. There is no notification of any data breach on its website or on its social networks. They did not reply to DataBreaches’ inquiry of February 21.
Editing by Dissent
Bits ‘n Pieces (Trozos y Piezas)
ES: Cosmetics firm added by LockBit
Skin and hair products firm Montibello has been added by LockBit3.0 to their leaks page. The listing was added on February 14th but without any filetree or proof. DataBreaches emailed Montibello to see if they would confirm or deny an attack but received no reply. There is nothing on their website or social media accounts about any attack. DataBreaches considers this an unconfirmed claim at this time.
AR: Energy company attacked by LockBit3.0
Grupo Albanesi is a private company dedicated to the distribution of energy in Argentina. As with Montibello, it was added to LockBit3.0’s leak site on February without any proof. And like Montibello, there is no mention on their website or social media accounts of any incident. An inquiry submitted to them on their site did not receive a reply.
MX: Personal and sensitive information on Financiera Reyes customers leaked (Update)
DataBreaches previously reported that LockBit3.0 had claimed Financiera Reyes as a victim but had provided no proof and Financiera Reyes had not responded to inquiries from DataBreaches. Financiera Reyes describes itself as a multiple purpose financial company, “non-regulated entity, which does not require authorization from the Ministry of Finance and Public Credit for its constitution and operation, however, it is subject to the supervision of the National Banking and Securities Commission, solely for the purposes of the provisions of article 56 of the General Law of Auxiliary Credit Organizations and Activities.” Data leaked by LockBit confirm LockBit’s claimed attack. The files include documents related to future credit or customers and other files with personal information such as an INE (National Electoral Institute) record, a service ticket, and a document called “Direccion General Del Registro Civil” Nacimiento. An .xlsx file called “Circulocredfinanciera” also included personal data of people who have requested credit.
Files in one folder contained files from 2020 to early 2022 with detailed information on people. The file illustrated above is just one of a number of such files that have been leaked. More than two months after the attack was first disclosed by LockBit, there is still no notice of any kind on Financiera Reyes’ website, and again they have not responded to inquiries. DataBreaches does not know if they have notified any regulators or consumers.
Edited by Dissent.
Bits ‘n Pieces (Trozos y Piezas)
UY: Thomas J. Schandy Attack Claimed by AvosLocker
The firm of Thomas J. Schandy has been listed on the leak site for AvosLocker. The February 5 listing claims that the threat actors have about 100 GB of information from the firm which states that their “jurisdiction has particular emphasis on all the national ports of Uruguay.” AvosLocker provided a few files such as curriculum vitae and work agreements as a proofpack. Schandy describes itself as “Comisarios de Avería y Liquidadores de Siniestros” in Uruguay. They act as Lloyd’s agents and P&I correspondents. The firm has no mention on their website about any incident and they have not responded to two email inquiries from DataBreaches asking if they would confirm or deny any attack.
CO: Medellin.gov.co attack claimed by LockBit3.0
Here’s a case where a municipality proactively posted notice of a problem. In a tweet on February 2, the Secretaría de Seguridad y Convivencia wrote (machine translation): We are facing a cyberattack of unknown origin against the dispatch servers of the Integrated Emergency and Security System- SIES-M, which was overcome and repelled on February 1 without ever affecting the operation of the city’s security and emergency agencies. An image of their website notice was embedded in the tweet. On February 6, LockBit3.0 added Medellin.gov.co to its leaks page with five files uploaded as proof. Muchohacker.lol verified the files and described the contents of four of them. One of the screenshots showed a directory of folders and files concerned with homicides. The most sensitive file in the sample was reported to be a document called a “Suicide Attempt Attention Record,” which @hyperconectado wrote revealed the details and personal data of a woman who allegedly attempted to end her life. A fifth file appeared to contain names, cellphone numbers, and email addresses. Neither the mayor’s office nor the Secretary of Security and Coexistence has provided more details or any updates.
The mayor’s office has not responded to two emails sent by DataBreaches, and LockBitSupport did not respond on Tox. Muchohacker.lol also reports that the mayor did not respond to them.
MX: Avante Textil distributor hit by LockBit3.0
The textile distributor “Avante Textil” was added to the LockBit3.0 leak page on February 2 with some samples as proof such as electronic payment receipts. Avante’s website and social networks do not mention any security incident, so DataBreaches submitted a web form inquiring about LockBit’s claims. No reply has been received by publication.
BR: Politriz data leaked by LockBit3.0
In a previous Trozos y Piezas, DataBreaches reported that an attack on Politriz had been claimed by LockBit3.0 but LockBit had not posted any proof. We can now update that entry and note that Politriz data was dumped on LockBit3.0 on January 27. The 693 folders contain information about the company such as sales balances, some contracts for the provision of services, and accounting. But DataBreaches also noted some personnel-related files like payment records to named employees, some medically-related information like a medical transportation voucher, a doctor’s note that someone needed time off from work, and a military draft file. There is no notice on Politriz’s site about any breach and DataBreaches does not know whether they have notified any employees, regulators, or anyone else.
Bits ‘n Pieces (Trozos y Piezas)
ES: City Council of Durango “Completely Paralyzed” by Cyberattack
The City Council of Durango in Biscay reports it is “completely paralyzed” by a cyberattack last Saturday. The news site Durangon quotes the Deputy Mayor, Iker Urkiza, as saying (machine translation) that the hacking “has been serious” and that it will paralyze their computer systems “for weeks.” According to the news site, all the council’s computers and corporate email accounts remain deactivated since the weekend. The city has reportedly received a ransom note, but the city will not be paying any ransom. The news report did not identify what malicious actors are involved. The attack has been reported to the Basque Data Protection agency and will be reported to the National Cryptological Center. In the meantime, citizens have complained that although the city demands certain documents by a deadline, they are not telling the citizens whether the deadline will be extended because people are unable to file the necessary documents.
MX: Data Leak Involving the Quintana Roo Attorney General’s Office
The Quintana Roo Attorney General’s Office appears to have suffered a data leak after a file with 7,910 complaints was published on a popular hacking forum. The government agency responded on its Twitter account (Machine Translation): “The #FGEQuintanaRoo informs that it initiated an investigation folder for the theft of registration forms of online complaints filed digitally before this autonomous body.” “The complaint forms refer to the loss of documents, minor thefts, threats, among others. The other computer systems of the Prosecutor’s Office continue to work with the security they should, and the information is not at risk.” The government seems to be saying that it is looking into the leak but there is no risk to other government departments or databases. These complaints reportedly involve loss of papers, minor thefts, and threats.
In contrast to what the government writes, the forum user has written a lengthy statement in Spanish that suggests the user is a hacktivist. Their statement, machine translated into English, begins:
The Attorney General’s Office of Quintana Roo, in charge of Oscar Montes de Oca Rosales, exposes the security of national and foreign citizens of that important tourist pole by not having any security protocol and protection of personal data of its online complaint system. It is obvious that this valuable online complaint service, where directly or anonymously, anyone can initiate an investigation folder, relating the facts of which he was a victim or of which they have knowledge; the Prosecutor uses it for his convenience by deciding which he investigates, which he covers up and which he ignores without caring about the well-being of citizens. A critical vulnerability in their servers allowed me to obtain the entire database of complaints filed online since the system was opened until today, and using an OCR I extracted the texts of the complaints for an in-depth analysis. I discovered a lot of sensitive and crucial information to solve different crimes in that State, crimes that have to do with disappearance and sale of women of all ages, sexual exploitation, child prostitution networks, kidnappings, drug dealing, executions, extortion and corruption of different public officials and police.
The forum user then continues to make derogatory comments about named individuals and the system. Neither the government nor named individuals have as yet responded to the forum user’s character attacks.
VE: The Sistema Integral De Control Alimentario Suffers a Cyberattack
Sistema Integral De Control Alimentario (SICA) is a technological platform implemented by the National Superintendence of AgriFood Management (SUNAGRO), which controls the agrifood chain in Venezuela.
On January 11, the SUNAGRO account tweeted:
#ATENCIÓN Se le informa a todos los Sujetos de Aplicación que motivado a un ataque cibernético a nuestros servidores del Sistema Integral de Control Agroalimentario (SICA), el mismo se encuentra fuera de servicio. #JuntosPorLaPatria#SunagroVanguardia pic.twitter.com/OCFaSKzdtD — Sunagro Oficial (@SunagroOficial) January 11, 2023
Machine translation: All Application Subjects are informed that due to a cyberattack on our servers of the Comprehensive AgriFood Control System (SICA), it is out of service.
A copy of their official notice was also posted on Twitter, but did not provide specific details about the attack or its impact. Nor was there any mention of ransom or the identity of the attackers. As of today, Sunagro reports that they are operational.
BR: Court of Justice of the State of Pará Suffered a Cyberattack
The Court of Justice of the State of Pará announced (machine translation) that the computer network of the Court of Justice of Pará identified an alleged cyberattack. Immediately, the Information Technology Secretariat began the corresponding procedures. There was no data loss as the main systems were not accessed. As a precaution, the services will not be available from January 11 to 15, 2023 due to essential security procedures. There don’t seem to be any updates from the court or news media since then.
BR: GhostSec Leaks Information from Brazilian Government Webmail
Many individuals and groups have called themselves “GhostSec” over the years. On January 10, the Telegram channel of one such group calling themselves GhostSec posted in both English and Portuguese that they had gotten access to the Government of brazil’s webmail (gov.br) Now noticing the recent protests and riots in brazil do with this leak coming straight from the government of brazil whatever it is that you see best.
but originally we did this purely to fuck with the government of brazil and humiliate their embarrassing security keeping this one short we got 845MB of data from the webmail of gov.br, THE DATA IS ALL YOURS FOR FREE! Includes different Personal information, ID’s, passport info, different receipts and emails from the government and more. We haven’t had the time to go over all the data yet but you can already imagine the amount of shit you can find going through this leak 🙂 When we looked at the files we found that they are from the Prefeitura Municipal de Russas, Ceará, the documents that we can observe are Medical Certificate, Voucher, Resume, registration forms, etc. On reviewing […]
Bits ‘n Pieces (Trozos y Piezas)
MX: BlackCat claims attack on Grupo Estrategas EMM

ALPHV, aka BlackCat, claims to have attacked Grupo Estrategas EMM, but the ransomware group has not as yet uploaded any proof of claims. Nor has the insurance firm posted any notice on its website or social media indicating any incident. The insurer has not responded to an inquiry asking them if they have been the victim of the claimed attack.

CO: CL0P claims attack on Universidad De La Salle

CL0P added Universidad De La Salle to its leak page this week. As proof of claims, they posted images of passports and a copy of an international agreement. The university’s website does not display any notice of any cyberattack, nor could we find any notice on their social networks. A message sent to them on Facebook did not receive a reply.

VE: BL00DY Gang claims to have locked textile firm Telas Palo Grande

The BL00DY Ransomware Gang has claimed an attack on the Venezuelan textile company Telas Palo Grande. Some details and alleged proof of claims, including screencaps and csv files, have been posted on the group’s Telegram channel. There is nothing on the victim’s website or social media accounts reporting any attack. An attempt to contact the firm via the email contact on their Facebook page failed as the email bounced back. A second email attempt using a contact email address on their website also failed and bounced back with an “address unknown” message.

CU: Hacktivists attack University of Havana department sites

An individual or individuals calling themselves “Anonymous Cuba” disabled some pages of the University of Havana departments. Diario de Cuba reports the hacktivists wrote, in part (machine translation follows):

“This is our response to Díaz-Canel’s message to the people. Cubans, understand, everything is a farce. We are light years away from the world, everything is a lie. We could not let this sad day go by without doing anything, one more year of misery and repression. #SOSCUBA” wrote La Resistencia Cuba, the Twitter account linked to Anonymous Cuba, which identifies itself as a group of “Cuban hackers for human rights, autonomy and self-governance, resistance to tyranny, for the freedom of our people”. “There is more, much more,” the hacktivists tweeted.

Read more at Diario de Cuba.

Editing and some additional material by Dissent.