Hackers stole nearly $140 million from six banks in Brazil by using an employee's credentials from C&M, a company that offers financial connectivity solutions.
The incident reportedly occurred on June 30, after the attackers bribed the employee to give them his account credentials and perform specific actions that would help their operations.
Insider threat
According to Brazilian media reports, the employee (João Nazareno Roque) sold his corporate credentials to the hackers for roughly $920, granting them access to a confidential system connected to Brazil’s Central Bank.
Roque then executed commands into C&M systems as instructed by the hackers through the Notion collaboration. He received another $1,850 for this.
The C&M employee attempted to conceal his activity and changed mobile phones every 15 days, but he was arrested on July 3 in São Paulo.
The threat actors convinced Roque to participate in the operation after being approached when he was leaving a bar.
This shows the attackers did their research identifying potential weak links in the company, mirroring a similar approach against Coinbase recently, where support agents in India were bribed to siphon out sensitive customer information.
The Brazilian police reportedly are managing three investigations into this large-scale attack but no details about the hackers have been published.
Crypto wallets monitored
... continue reading