An unknown user named GhostSec claimed to have data from the Brazil government website and was allegedly selling it for free on hacker forums.
The post claimed to have personal information related to IDs, passports, receipts, email addresses, etc. A Telegram link for downloading the stolen data was also shared on the forum.
With 845MB of stolen data allegedly from Brazil’s government website gov.br, the cybercriminals ‘GhostSec’ claimed that the attack was done for “freedom”.
They stated that their hacking attempt was an act of “demolishing everything” in their way. Moreover, it was noted that the account name of the individual who posted on the hacking forum was similar to the hacktivist group GhostSec aka Ghost Security.
The group was discovered in 2015 and has shown solidarity with Ukraine against its war against Russia.
Considered an organized group, GhostSec has been reported to change their motivation from hacktivism to making money.
Data from Brazil government website leaked for free
The post read, “Now noticing the recent protests and riots in brazil do with this leak coming straight from the government of brazil whatever it is that you see best.”
The exfiltration of data was to agitate the government of Brazil and bring them down. The post concluded with “HACK THE PLANET” phrase, perhaps suggesting that they will continue with their data-leaking activities.
According to the, the cybercriminal who revealed information regarding the breach of the Brazil government website joined the hacker forum in June 2022.
They made the data available for free without any cost unlike other data leak posts in the recent past that have been demanding a sum lesser than the ransom.
Leaked data on hacker forums can be misused to send phishing emails with malware, or send spearphishing emails asking for specific account data to be filled in their forms such as credit card numbers, CVV, pins, etc.
The data from the Brazil government website was available by accessing a Telegram link according to the post.
Tens and hundreds of company data have been leaked on the hacker forum in January so far. Many cybercriminals have gone ahead and written that they are selling the data on the forums because they were denied a ransom.