Impresa is Portugal’s largest media conglomerate and owns the country’s largest TV channels and newspaper networks, SIC and Expresso. The attack has affected the websites of both companies and is among the most high-profile cybersecurity incidents in Portugal’s history. While nationwide airwave and cable broadcasts are functioning properly, SIC’s internet streaming services are offline. In most cases, ransomware attacks involve a nefarious actor gaining unauthorized access to systems, and refusing to relinquish access until a ransom is paid. Additionally, these actors threaten to leak confidential or sensitive information stored on the victim’s networks. The Lapsus$ group has taken responsibility for the attack. The group has placed a ransom note on all of Impresa’s websites, threatening to leak internal data. For a short while, it appeared as though the company managed to wrestle back control of its account. On January 2, all of their websites went into maintenance mode. However, the group tweeted the words “Lapsus$ is officially the new President of Portugal” in Portuguese, showing they clearly still had access to Impresa’s network.
Lapsus$ Allegedly Hacked Brazil’s Health Ministry in December
Both Expresso and SIC have reported the incident to Portuguese law enforcement, and the country’s National Cybersecurity Centre (CNCS). Both organizations are actively covering the developments, where they brand the incident as an “unprecedented attack on press freedom in the digital age.” According to Lino Santos, CNCS’s coordinators, this is the first Lapsus$ cyber attack in Portugal. However, this is likely not their first major attack globally. The group was allegedly behind a cyber attack on Brazil’s health ministry in December 2021. The attack shut down several of the ministry’s systems, “including one with information about the national immunization program and another used to issue digital vaccination certificates.”
Protect Yourself from Targeted Phishing Emails
Personally identifiable information such as names, addresses, medical and financial data, etc., can be misused for targeted malicious attacks. In fact, such attacks are on the rise these days. Hackers can use the information to carry out phishing campaigns, as Lapsus$ did with Expresso’s subscribers. Here, attackers impersonate legitimate service providers to lure victims into giving sensitive information like passwords or bank details. Head over to our resource to learn more about phishing and how you can protect yourself.