Brazilian Police To Arrest Lapsus$ Members

[✨ Megiddo]

Brazil launched an investigation into the actions of the group after numerous cyber attacks on state institutions in the country.

On August 16, the Brazilian Federal Police issued 8 search and seizure warrants as part of an investigation into attacks claimed by the Lapsus$ group that disrupted the country's Ministry of Health in December 2021. The police announced this in a press release.

The police did not specifically name the Lapsus$ Group, but the details of the investigation matched the group's attack. Experts attribute the attacks to "a transnational cybercriminal organization "targeting public and private organizations in Brazil, the United States, Portugal and Colombia."

According to the Brazilian police, in addition to the Ministry of Health, the attacker penetrated 9 other local organizations, including the Ministry of Economy and the National Electricity Agency.

After investigating the attack on the Brazilian Ministry of Health, Microsoft wrote that the group's tactics included the following:

• telephone social engineering;

• SIM replacement to facilitate account takeover;

• access to email accounts of employees of target organizations;

• paying employees, suppliers or business partners of target organizations to access credentials;

• bypass multi-factor authentication;

• interfering with calls of their victims for communication in crisis situations;

• use of insiders in the company for attacks.

In March, UK police arrested 7 alleged Lapsus$ members aged 16 to 21. However, the group continued to post messages in the days following the arrests, including information about the Globant data breach. However, there have been no messages in the Lapsus$ Telegram channel since the end of March.
__________________