Why Portuguese financial institutions should be concerned about Brazilian hackers targeting them


Brazilian Hackers Target Portuguese Financial Institutions in Operation Magalenha

A Brazilian hacking group has initiated a potent cyber-attack campaign against more than thirty Portuguese financial institutions in an effort to breach their security systems and gain unauthorized access to sensitive financial data. The campaign illustrates the persistent nature of the Brazilian cybercriminal underground and is the latest in a series of financially motivated malware campaigns from Brazil that target institutions outside the country's borders. Researchers from SentinelLabs released a report identifying the ongoing campaign as Operation Magalenha. The group initially relied on cloud service providers like DigitalOcean and Dropbox, but it has recently pivoted to the Russian web hosting provider TimeWeb as a result of tightening rules by its previous providers. The attacks started at the beginning of 2023, but the bulk of the assaults took place later in May.

History of Brazilian Cybercrime

Brazil's malware ecosystem has a rich history. It caught the attention of the information security industry a decade ago, when increasingly sophisticated hacking groups were working with malware developers based abroad, including those in Eastern Europe and Russia. The country continues to be the epicenter of potent financially focused malware, including four banking trojans known as the "Tetrade," identified by Kaspersky researchers in 2020. The persistent and consistent threat from Brazilian cybercriminals underscores their capacity to update their malware arsenal and tactics, allowing them to remain effective in their campaigns.

Method of Operation

Operation Magalenha, in its latest iteration, is a financially motivated hacking effort that relies on a pair of backdoors deployed simultaneously to give the attacker control over compromised machines. Dubbed "PeepingTitle," the backdoors permit the attacker to monitor window interaction, take unauthorized screenshots, terminate processes, and deploy additional malware such as data exfiltration tools. Researchers from SentinelLabs report that the Brazilian hacking groups have shown a remarkable capacity to coordinate attacks in Portugal, Brazil, Europe, and Central and Latin America, pointing to an understanding of the local financial landscape and a willingness to spend resources developing targeted campaigns.

Advice to Financial Institutions

Institutions must adopt proactive and advanced technologies to protect themselves from increasingly sophisticated attacks by cybercriminals. Financial institutions must incorporate frequent backups and disaster recovery practices, regularly test security systems against diverse attacks, such as DDoS and social engineering, and educate staff on how to secure data and recognize phishing and other security threats. Collaborating with security teams and sharing critical security information within the sector could help tackle evolving threats and reduce financial losses in the industry.

Editorial

The persistent and advanced nature of cyber attacks makes cybersecurity a vital aspect of modern-day technology. Hackers are continuously developing techniques to access financial institutions, and this campaign illustrates the necessity of cybersecurity awareness and spotlights Brazil's important role in the world's cyber threat landscape. The attacks on Portuguese financial institutions demonstrate the need for global collaboration to combat cybercrime and highlight the need for banks to fortify their security systems to protect their clients' assets.
