On Tuesday (16), the Federal Police carried out Operation Dark Cloud, whose main targets were alleged members of the Lapsus group. The goal of the operation is to find evidence against members of the group that attacked the Department of Health and other federal government offices, as well as companies such as Mercado Livre, Microsoft, Samsung and Nvidia.
Eight search and seizure warrants are being carried out at addresses in the states of Minas Gerais, Paraná, Santa Catarina and Paraíba. According to the Federal Police, the operation is part of an investigation, ongoing since last year, into a so-called “transnational criminal organization” that committed digital crimes against public entities and bodies not only in Brazil, but also in at least three other countries.
The United States, Portugal and Colombia are mentioned by name, while the official statement from the authorities does not provide details about possible arrests or the whereabouts of Lapsus members in Brazil. In the official statement, the Federal Police said it was investigating crimes such as corruption of minors, money laundering, computer invasion and criminal organization.
After the attack on the Department of Health, which left the ConectSUS app offline for about two weeks, other federal government bodies were affected as well. Targets such as the Federal Highway Police, the Ministry of Economy and the Federation’s Comptroller General put the spotlight on Lapsus and also fed the idea that it was a national gang focused on stealing data, without the system lock-up seen in ransomware cases, and on collecting a ransom for not leaking the information.
In the case of the Ministry of Health, for example, investigations concluded that the ministry's cloud computing environment was improperly accessed, with information, folders and other instances deleted by the criminals. This led to the unavailability of ConectSUS, which is to this day the application that allows citizens and the government itself to track appointments, consultations, actions, alerts, and above all the status of vaccination against Covid-19.
In the international arena, Lapsus is also said to have been responsible for obtaining source codes and information from companies such as Mercado Livre, Microsoft, LG, Samsung and Nvidia. In these cases, the gang used leaked credentials and social engineering, bombarding employees with back-to-back login requests until one of them was accepted and the scammers were let into the system.
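For defenders, the pattern described above (a burst of login prompts that ends in one acceptance) is visible in MFA logs. The following detection sketch is an added example, not part of the original report; the log format, the result names and the window and threshold values are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log (timestamp, user, result); not real data.
SAMPLE_LOG = """\
2022-08-01T02:10:05 alice push_denied
2022-08-01T02:10:40 alice push_timeout
2022-08-01T02:11:15 alice push_denied
2022-08-01T02:11:50 alice push_timeout
2022-08-01T02:12:20 alice push_denied
2022-08-01T02:12:55 alice push_approved
2022-08-01T09:00:00 bob push_timeout
2022-08-01T09:00:30 bob push_approved
2022-08-01T09:05:00 carol push_approved
"""

def parse(log_text):
    """Yield (datetime, user, result) from whitespace-separated log lines."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=5):
    """Flag approvals preceded by >= threshold unapproved prompts in window."""
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts
    alerts = []
    for ts, user, result in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()           # drop prompts that fell out of the window
        if result == "push_approved":
            if len(q) >= threshold:
                alerts.append((user, ts.isoformat(), len(q)))
            q.clear()             # an approval starts a fresh sequence
        else:
            q.append(ts)
    return alerts

if __name__ == "__main__":
    for user, when, count in detect_push_fatigue(parse(SAMPLE_LOG)):
        print(f"ALERT {user}: approval at {when} after {count} unapproved prompts")
```

An alert here marks a session to review and revoke, not proof of compromise; the threshold should be tuned against how often users legitimately miss or reject prompts.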
But since authorities around the world closed in, Lapsus has been out of circulation, especially after two teenagers, one 16 and one 17, were arrested in the UK. However, Operation Dark Cloud is the first to be carried out in Brazil with a direct focus on the gang and is part of the investigations that are still ongoing by the Federal Revenue Service.
source: Brazil Agency