ES: City Council of Durango “Completely Paralyzed” by Cyberattack
The City Council of Durango in Biscay reports it is “completely paralyzed” by a cyberattack last Saturday.
The news site Durangon quotes the Deputy Mayor, Iker Urkiza (machine translation) that the ‘hacking “has been serious” and that it will paralyze their computer systems “for weeks.” According to the news site, all the council’s computers and corporate email accounts remain deactivated since the weekend.
The city has reportedly received a ransom note, but the city will not be paying any ransom. The news report did not identify what malicious actors are involved. The attack has been reported to the Basque Data Protection agency and will be reported to the National Cryptological Center.
In the meantime, citizens have complained that although the city demands certain documents by a deadline, they are not telling the citizens whether the deadline will be extended because people are unable to file the necessary documents.
MX: Data Leak Involving the Quintana Roo Attorney General’s Office
The Quintana Roo Attorney General’s Office appears to have suffered a data leak after a file with 7,910 complaints was published on a popular hacking forum.
The goverment agency responded on its Twitter account (Machine Translation):
“The #FGEQuintanaRoo informs that it initiated an investigation folder for the theft of registration forms of online complaints filed digitally before this autonomous body.”
“The complaint forms refer to the loss of documents, minor thefts, threats, among others. The other computer systems of the Prosecutor’s Office continue to work with the security they should, and the information is not at risk.”
The government seems to be saying that it is looking into the leak but there is no risk to other government departments or databases. These complaints reportedly involve loss of papers, minor thefts, and threats.
In contrast to what the government writes, the forum user has written a lengthy statement in Spanish that suggests the user is a hacktivist. Their statement, machine translated into English, begins:
The Attorney General’s Office of Quintana Roo, in charge of Oscar Montes de Oca Rosales, exposes the security of national and foreign citizens of that important tourist pole by not having any security protocol and protection of personal data of its online complaint system. It is obvious that this valuable online complaint service, where directly or anonymously, anyone can initiate an investigation folder, relating the facts of which he was a victim or of which they have knowledge; the Prosecutor uses it for his convenience by deciding which he investigates, which he covers up and which he ignores without caring about the well-being of citizens.
A critical vulnerability in their servers allowed me to obtain the entire database of complaints filed online since the system was opened until today, and using an OCR I extracted the texts of the complaints for an in-depth analysis.
I discovered a lot of sensitive and crucial information to solve different crimes in that State, crimes that have to do with disappearance and sale of women of all ages, sexual exploitation, child prostitution networks, kidnappings, drug dealing, executions, extortion and corruption of different public officials and police.
The forum user then continues to make derogatory comments about named individuals and the system.
Neither the government nor named individuals have as yet responded to the forum user’s character attacks.
VE: The Sistema Integral De Control Alimentario Suffers a Cyberattack
Sistema Integral De Control Alimentario (SICA) is a technological platform implemented by the National Superintendence of AgriFood Management (SUNAGRO), which controls the agrifood chain in Venezuela. On January 11, the SUNAGRO account tweeted:
Se le informa a todos los Sujetos de Aplicación que motivado a un ataque cibernético a nuestros servidores del Sistema Integral de Control Agroalimentario (SICA), el mismo se encuentra fuera de servicio. #JuntosPorLaPatria#SunagroVanguardiapic.twitter.com/OCFaSKzdtD
All Application Subjects are informed that due to a cyberattack on our servers of the Comprehensive AgriFood Control System (SICA), it is out of service.
A copy of their official notice was also posted on Twitter, but did not provide specific details about the attack or its impact. Nor was there any mention of ransom or the identity of the attackers.
BR: Court of Justice of the State of Pará Suffered a Cyberattack
The Court of Justice of the State of Pará announced (machine translation) that
the computer network of the Court of Justice of Pará identified an alleged cyberattack. Immediately, the Information Technology Secretariat began the corresponding procedures. There was no data loss as the main systems were not accessed.
As a precaution, the services will not be available from January 11 to 15, 2023 due to essential security procedures.
There doesn’t seem to be any updates from the court or news media since then.
BR: GhostSec Leaks Information from Brazilian Government Webmail
Many individuals and groups have called themselves “GhostSec” over the years. On January 10, the Telegram channel of one such group calling themselves GhostSec posted in both English and Portuguese that they had gotten access to the Government of brazil’s webmail (gov.br)
Now noticing the recent protests and riots in brazil do with this leak coming straight from the government of brazil whatever it is that you see best. but originally we did this purely to fuck with the government of brazil and humiliate their embarrassing security
keeping this one short we got 845MB of data from the webmail of gov.br, THE DATA IS ALL YOURS FOR FREE! Includes different Personal information, ID’s, passport info, different receipts and emails from the government and more. We haven’t had the time to go over all the data yet but you can already imagine the amount of shit you can find going through this leak 🙂
When we looked at the files we found that they are from the Prefeitura Municipal de Russas, Ceará, the documents that we can observe are Medical Certificate, Voucher, Resume, registration forms, etc. On reviewing their website we did not find any notification of any data leakage occurred recently, neither in their social networks, we also sent them an email to see if they have been alerted about their files and also encouraging them to review their systems.
GhostSec Telegram post.
An email inquiry sent to the government yesterday to ask about the claims did not receive any reply.
ES: Update to Centro Médico Virgen De La Caridad Ransomware Incident
On January 2, DataBreaches reported that Hive ransomware gang had added Centro Médico Virgen de la Caridad to its leak site. A spokesperson for Hive informed DataBreaches that they had partially encrypted the hospitals and health system.
On January 12, Hive leaked data from the health system. The leak included patient data.
Some of the files leaked by Hive. Filenames redacted by DataBreaches.net.
As of today, there is still no statement on the health system’s website or Twitter account. The latter was last updated on December 30, after the claimed attack by Hive. CMVC never responded to two inquiries from DataBreaches earlier this month. DataBreaches has today sent an inquiry to the Spanish data protection regulator to ask whether the incident has been reported to them.
