The Lapsu$ Group, which claimed responsibility for the attack on the Ministry of Health’s systems this Friday (10), is a relatively new group that, in internet forums, announced that it had hacked into the systems of the electronic games giant Electronic Arts (EA), responsible for hit franchises such as FIFA, The Sims and Battlefield. The information is from the executive director of the cyber security company Harpia, Filipe Soares.
The website and several systems of the Ministry of Health have been down since the early hours of this Friday. According to Minister Marcelo Queiroga, the outage was the result of a hacker attack that is being investigated by the Federal Police and the Institutional Security Office (GSI). The attack was claimed by a group calling itself the Lapsu$ Group.
In the early hours of the morning, anyone trying to access the ministry’s website would find a message stating that more than 50 terabytes of data had been “copied and deleted” during the intrusion.
In the early afternoon, Marcelo Queiroga said in an interview that the ministry had a backup of the data and that technicians were working to get the systems back to normal.
But what is the Lapsu$ Group?
Filipe Soares is a former member of the Brazilian Intelligence Agency (Abin) who, a few years ago, left public service and set up his own cybersecurity company. He monitors electronic threats in different parts of the world and says that, according to records collected so far, Lapsu$ is a relatively new and inactive group.
“The first records detected about its activity would be from May this year,” he said.
Soares says that these records were detected in internet forums that bring together hackers from all over the world.
In May, a post signed by the Lapsu$ Group reported an alleged breach of Electronic Arts’ databases during which 780 gigabytes of user data and source code were allegedly stolen. The post also indicated that the company should pay a ransom for the information.
In June, the company confirmed that it had been the victim of an “intrusion incident” on its networks and that a limited amount of data had been stolen. There was no confirmation, however, that the “Lapsu$ Group” was responsible for the intrusion. There was also no information on whether EA paid the ransom.
Soares says that a second record of the Lapsu$ Group’s activity came in August, when users of iTunes, a service provided by Apple, reported receiving messages signed by the group reporting data theft from telephone operators operating in the UK. In this case, there was no confirmation that the attack actually took place.
How big is the attack on the Ministry of Health?
Soares explains that it is difficult, at this time, to gauge the size of the attack on the Ministry of Health. According to him, if the ministry has a copy (backup) of the data, the consequences are smaller and the services it offers would not be compromised for a longer period.
“From the outside, it is difficult to know the extent of the damage, but if there is, in fact, a backup, the restoration of services should not take long. In a matter of hours, this could be restored,” he said.
According to a statement released by the Ministry of Health, some of the ministry’s most important systems are currently down:
– e-SUS Notifica, which is responsible for Covid-19 case notifications
– National Immunization Program Information System (SI-PNI)
– ConectaSUS, responsible for issuing vaccination certificates against Covid-19
The statement released by the ministry does not say whether or not there was “theft” or “copy” of data from users of the Unified Health System (SUS).
In practice, people are unable to access their Covid-19 vaccination certificates through the Ministry of Health application.
Hours after the attack, the executive secretary of the Ministry of Health, Rodrigo Cruz, announced that the government will postpone by one week the entry into force of the requirement to present proof of complete vaccination against Covid-19 for travelers who want to enter the country.
The rule would take effect on Saturday (11). Another rule that will be postponed is the one that provided for a five-day quarantine for unvaccinated international travelers.
Cruz said that postponing the entry into force of the new rules was a “precautionary” measure.
Hacktivism
A source from the Federal Police interviewed by BBC News Brasil said that investigators are working with the possibility that the attack was an action known as “hacktivism”.
This hypothesis is the most plausible, according to the source, because, so far, no ransom demand in exchange for the allegedly stolen data has been sent to the Ministry of Health.
Filipe Soares explains that in this type of attack, the hackers’ intention is to attract attention to an issue or to a specific governmental or private body.
“Hacktivism is cybernetic action in order to send a message. Sometimes this message may be against some public policy; it doesn’t seem to be the case at the moment. What is very common is for a group to attack public pages to show that the government is not taking care of the cyber infrastructure,” he explains.
Chad-98Weaver, a distinguished author at NewsBulletin247, excels in the craft of article writing. With a keen eye for detail and a penchant for storytelling, Chad delivers informative and engaging content that resonates with readers across various subjects. His contributions are a testament to his dedication and expertise in the field of journalism.