Your personal data in the wrong hands

What happens when all of your personal data is readily available for use by a cybercriminal?

Last November we published a blog post about Brazilian phishing attacks that displayed the victims’ CPF numbers – the Natural Persons Register, the equivalent of a Social Security Number used by the Brazilian government to identify each citizen. A CPF is the most important document a Brazilian citizen possesses. It’s a prerequisite for a series of tasks like opening bank accounts, getting or renewing a driver’s license, buying or selling real estate, receiving loans, applying for jobs (especially public ones), getting a passport or credit cards, etc.

But this incident was just the tip of the iceberg.

Through our constant monitoring of malicious activities, we found some bad guys offering access to a complete database of all Brazilian citizens who have a CPF – all you need to do is contact a number and the system will bring you the complete personal data of a potential victim. The database is complete and contains data about every Brazilian, including myself.

The search results display your full name, date of birth, address, filiation (parents’ names), city, zip code, etc. – all easily available to a cybercriminal.

We found 3 mirrors of this website offering this kind of ‘service’ to Brazilian bad guys – it’s a service that we call C2C (cybercriminals to cybercriminals).

Using such data it is possible for a cybercriminal to impersonate a victim and steal their identity in order to access resources or obtain credit and other benefits in that person’s name. Another example of malicious use involves Internet banking access – if you are performing an online operation, your bank will probably ask for some personal information to confirm your identity. Having access to this information provides the cybercriminals with the first step towards a targeted attack using your data.

You are probably wondering how the cybercriminals obtained this kind of information. Basically, it occurred through incidents of data leakage – not only from governmental departments, but via e-commerce and other corporate entities that have had their databases attacked and their data stolen, too.

Nowadays, we see that the problem of protecting private information is not just confined to users, but applies equally to governments and corporations alike. Brazil isn’t the only country in the world facing such problems either. Over the course of time, governmental and corporate databases in many other nations have reported similar instances of sensitive information about citizens or employees being leaked.

The Brazilian authorities are currently investigating this incident.
