OP 02 January, 2022 - 06:04 PM
About the attack:
Quote:The websites of the newspaper Expresso and SIC are temporarily unavailable due to a computer attack by ransomware. In addition to the sites, there is also information that some of the pages' profiles on social networks have been compromised.
Anyone trying to access the Expresso and SIC website now receives the information that the "Site is temporarily unavailable. We will return as soon as possible".
About Lapsus$ Group:
Quote:- Formed by Colombians and Spaniards, there would be no Brazilians involved
- The group has been in existence for 4 months, new to the scene
- A DNS redirection (DNS Hijacking) was performed at the Brazilian Ministry of Health
According to the Axur team, Lapsus also:
- is related to a data leak by the EA Games company
- possibly related to the sale of data from the Schlumberger company
Dorks:
![[Image: FIGU41WXIAEBgNe.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FFIGU41WXIAEBgNe.png)
The domains were also pointed outside the AWS:
![[Image: FIGumO4X0AUuVi6.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FFIGumO4X0AUuVi6.png)
![[Image: FIGuoeIXsAECkZe.jpg]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fpbs.twimg.com%2Fmedia%2FFIGuoeIXsAECkZe.jpg)
