Hackers stole nearly $ 140 million from six banks in Brazil, a company using an employee’s credibility from a company C&M, providing financial connectivity solutions.
The incident allegedly occurred on June 30, when the attackers bribed the employee to give their account credentials and take specific action, which would help in their operation.
Yearning
As Brazilian media reportsThe employee (Joo Nazreno Rawke) sold his corporate credentials to the hackers in about $ 920, giving them access to a confidential system associated with the Central Bank of Brazil.
The Roque executed the command in the C&M system, as directed by the perception of hackers by the hackers. He received another $ 1,850 for this.
The C&M employee tried to hide his activity and changed the mobile phone every 15 days, but was arrested on 3 July in Sao Paulo.
The danger actors assured to participate in the operation after contacting the stop once left.
This shows that the attackers conducted their research to identify the potentially weak links in the company, recently reflected a similar approach against the coinbase, where support agents in India were bribed to remove sensitive customer information.
The Brazilian police are allegedly managing three investigations in this massive attack, but no details about hackers have been published.
Crypto wallets monitor
Meanwhile, blockchain investigator Zachxbt wrote on Telegram The attackers have already changed $ 30-40 million of stolen money in cryptocurrency such as BTC, ETH and USDT. He used various exchanges and unleashed the Latin American over-the-counter (OTC) markets.
Zachxbt notes that he is monitoring the address of the wallet of danger actors and assisting officers in freezing the fund.
In a Brazilian media statement, C&M emphasized that its systems remain safe, and the attack was possible only through social engineering, not safety defects.
The company also said that its conservation structure played an important role in pointing the source of unauthorized access and supporting the police investigation.
Bleepingcomputer has also reached C & M about the incident, but a comment was not available immediately.
While cloud attacks can be more sophisticated, the attackers still succeed with surprisingly simple techniques.
Drawing by the detection of Vij in thousands of organizations, this report reveals the 8 major techniques used by Claude-Floid danger actors.
