A hacker group called “Everest” claims to have accessed data from a network they called “Gov Brazil”, an allusion to the Brazilian government.
On one website, the group offers sales of network access and quotes “over 3 terabytes of data”. The gang does not specify what information is available, nor what government services would have been compromised.
In a statement, the Federal Data Processing Service (Serpro) says it has not detected an intrusion.
“On the rumor of theft of data from the Brazilian government by a group of crackers from abroad, Serpro claims that the systems developed and maintained by the company are still in full operation and there is no evidence of cybercrime in our databases”, he says.
Everest’s declaration was detected by DarkTracera company that monitors the activity of cybercrime groups.
Everest emerged last year with extortion campaigns.
A common tactic among cybercriminals, and which has become a multi-million dollar business for them, is the so-called double extortion. In these cases, after invading the victim’s computers and blocking their access, they charge a ransom to restore normality and a second amount so that the stolen data is not leaked on the internet.
Everest adds an extra component. They sell to third parties not only the data, but the ways to access the system itself. This can be an extra threat, as other attackers could also enter the compromised infrastructure.
Determining the origin of cybercriminal groups is a tricky task, but previous analyzes of Everest attacks indicate some connection to Russia.
According to the NCC Group, a British cybersecurity consultancy, the Everest group is a “Russian-speaking” group. Checking the language used in malicious programs and in the communications of hacker groups is a strategy often used by experts as an indication of the origin of these gangs.
An in-depth analysis of this hacker group by the same consultancy indicated a link between the viruses used by Everest and those of another gang, BlackByte. This prevents infecting computers of Russian entities.
The onslaught comes on the heels of other attacks on Latin American governments by Conti, a hacker group that experts believe is also Russian.
In April of this year, Conti announced that it had invaded Peru’s state intelligence agency. Around the same time, the group launched campaigns against Costa Rican government systems, impacting medical appointments and tax payments.
I have over 8 years of experience in the news industry. I have worked for various news websites and have also written for a few news agencies. I mostly cover healthcare news, but I am also interested in other topics such as politics, business, and entertainment. In my free time, I enjoy writing fiction and spending time with my family and friends.