The websites of one of Portugal’s most prestigious newspapers and a leading TV broadcaster – both owned by the country’s largest media conglomerate, Impresa – were shut down on Monday after being hit by hackers computers during the bank holiday weekend.
The Expresso newspaper and SIC noticias announced that they would file complaints and reported the incidents to the PJ (criminal police) and CNCS (the national cybersecurity center).
Suspected hackers, calling themselves Lapsus $ Group, posted a message to the websites saying internal data would be leaked if Imprensa did not pay a ransom.
The message included contact information via email and Telegram.
Lapsus $ also sent a phishing email to Espresso subscribers, tweeted from the newspaper’s verified Twitter account, and claims to have had access to Imprensa’s Amazon Web Services account.
Lapsus $ has a story: This is said to be the same group that hacked into Brazil’s health ministry website last month, dismantling several systems, including one containing information about the national immunization program, and another used to issue digital vaccination certificates (which were then delayed). It also hit American gaming giant Electronic Arts last May.
CNCS coordinator Lino Santos told Observador Online it was the first time Lapsus $ attacked in Portugal.
For the moment, the targeted sites remain offline, with the message that they are “temporarily unavailable” and that they will come back “as soon as possible”.
Both media organizations post news on their social media channels.
They described the hack as “an unprecedented attack on press freedom in the digital age”.
But the reality is, it will most likely be the pattern for things to come.
According to experts working for cybersecurity firm Kaspersky, “advanced persistent threats” or APTs are the consequences of the “growing politicization” of cyberspace.
They predict a return of “low-level attacks” during 2022, the emergence of new APT players and “growth in attacks on supply chains”.
According to Rádio Renascença, investigators believe that mobile devices will be exposed to more sophisticated attacks and that “cybercriminals will continue to use the personal computers of unprotected employees as a means of accessing corporate networks. There will be the use of social engineering to steal credentials and force attacks on commercial services to gain access to poorly protected servers ”.
As for the sums paid to Lapsus $, nothing is clear. Admittedly, the American attack did not bring them anything, but they may have been paid to loosen their grip on the sites of the Brazilian Ministry of Health.
According to RR, the Brazilian meat company JBS, admitted last summer that it paid $ 11 million to a group of hackers.