Poseidon and the Brazilian Data Deluge

The Poseidon Group is just one of a number of criminal organizations operating out of Brazil.
Writer Emily W.
February 15, 2016

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy and crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

The Poseidon Group has made recent headlines for their somewhat unconventional approach to the security sales process. The corporate hacking group based in Brazil first compromises an organization with custom malware and steals their data, only to then approach the client and suggest — “suggest” — the client bring them on board for security and IT support. The group has been active since 2005, with 35 companies (in Brazil, the United States, Kazakhstan, and Russia, among others) falling victim to their exploits.

This entity is just one of several growing groups of hackers based out of Brazil. Over the past three months, we have seen an increase in the number of Brazilian data leaks, as well as an increase in available compromised Brazilian and South American credit cards on the dark web. This surge includes an increased volume of regional cards on global marketplaces and also the appearance of regional independent fraud markets offering Brazil-specific data and cards.

The Brazilian data leaks, popular on clear net paste sites, include email and password combinations, personal and financial information, and occasionally full databases from Brazil-based sites or companies. While most of this fraud is unattributed and unsigned, we have seen a handful of users who are taking credit for their efforts. One of these groups, known as Hazards Hackers Brasil, recently dumped a series of what appear to be politically motivated stashes of data.

With comments like “No Corruption” and hashtags including #OlympicHacking, they have released names, credentials, CPFs (Cadastro de Pessoas Fisicas, similar to American Social Security Numbers), and even full databases of personal information from energy companies, consulting companies operating in Brazil, municipal governments, and civic associations. Hazard Hackers Brasil are not the only players in the game, but they are making a concerted effort to become well known for their work.

Due to the increasing commercial activity in Brazil leading into the upcoming Olympics later this summer in Rio de Janeiro, we expect to see a continued uptick in the presence of Brazilian stolen data, particularly involving credit card fraud.
