Poseidon and the Brazilian Data Deluge

The Poseidon Group is just one of a number of criminal organizations operating out of Brazil.
Writer Emily W.
February 15, 2016

Emily serves as the Director of Analysis at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy and crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

The Poseidon Group has made recent headlines for their somewhat unconventional approach to the security sales process. The corporate hacking group based in Brazil first compromises an organization with custom malware and steals their data, only to then approach the client and suggest — “suggest” — the client bring them on board for security and IT support. The group has been active since 2005, with 35 companies (in Brazil, the United States, Kazakhstan, and Russia, among others) falling victim to their exploits.

This entity is just one of several growing groups of hackers based out of Brazil. Over the past three months, we have seen an increase in the number of Brazilian data leaks, as well as an increase in available compromised Brazilian and South American credit cards on the dark web. This surge includes an increased volume of regional cards on global marketplaces and also the appearance of regional independent fraud markets offering Brazil-specific data and cards.

The Brazilian data leaks, popular on clear net paste sites, include email and password combinations, personal and financial information, and occasionally full databases from Brazilian-based sites or companies. While most of this fraud is unattributed and unsigned, we have seen a handful of users who are taking credit for their efforts. One of these groups, known as Hazards Hackers Brasil, recently dumped a series of what appear to be politically motivated stashes of data.

With comments like “No Corruption” and hashtags including #OlympicHacking, they have released names, credentials, CPFs (Cadastro de Pessoas Físicas, similar to American Social Security Numbers), and even full databases of personal information from energy companies, consulting companies operating in Brazil, municipal governments, and civic associations. Hazard Hackers Brasil are not the only players in the game, but they are making a concerted effort to become well known for their work.

Due to the increasing commercial activity in Brazil leading into the upcoming Olympics later this summer in Rio de Janeiro, we expect to see a continued uptick in the presence of Brazilian stolen data, particularly involving credit card fraud.
