Poseidon and the Brazilian Data Deluge

The Poseidon Group is just one of a number of criminal organizations operating out of Brazil.
Writer Emily W.
February 15, 2016

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

The Poseidon Group has made recent headlines for their somewhat unconventional approach to the security sales process. The corporate hacking group based in Brazil first compromises an organization with custom malware and steals their data, only to then approach the client and suggest — “suggest” — the client bring them on board for security and IT support. The group has been active since 2005, with 35 companies (in Brazil, the United States, Kazakhstan, and Russia, among others) falling victim to their exploits.

This entity is just one of several growing groups of hackers based out of Brazil. Over the past three months, we have seen an increase in the number of Brazilian data leaks, as well as an increase in available compromised Brazilian and South American credit cards on the dark web. This surge includes an increased volume of regional cards on global marketplaces and also the appearance of regional independent fraud markets offering Brazil-specific data and cards.

The Brazilian data leaks, popular on clear net paste sites, include email and password combinations, personal and financial information, and occasionally full databases from Brazil-based sites or companies. While most of this fraud is unattributed and unsigned, we have seen a handful of users who are taking credit for their efforts. One of these groups, known as Hazards Hackers Brasil, recently dumped a series of what appear to be politically motivated stashes of data.

With comments like “No Corruption” and hashtags including #OlympicHacking, they have released names, credentials, CPFs (Cadastro de Pessoas Fisicas, similar to American Social Security Numbers), and even full databases of personal information from energy companies, consulting companies operating in Brazil, municipal governments, and civic associations. Hazard Hackers Brasil are not the only players in the game, but they are making a concerted effort to become well known for their work.

Due to the increasing commercial activity in Brazil leading into the upcoming Olympics later this summer in Rio de Janeiro, we expect to see a continued uptick in the presence of Brazilian stolen data, particularly involving credit card fraud.
