The Poseidon Group has made recent headlines for their somewhat unconventional approach to the security sales process. The corporate hacking group based in Brazil first compromises an organization with custom malware and steals their data, only to then approach the client and suggest — “suggest” — the client bring them on board for security and IT support. The group has been active since 2005, with 35 companies (in Brazil, the United States, Kazakhstan, and Russia, among others) falling victim to their exploits.
This entity is just one of several growing groups of hackers based out of Brazil. Over the past three months, we have seen an increase in the number of Brazilian data leaks, as well as an increase in available compromised Brazilian and South American credit cards on the dark web. This surge includes an increased volume of regional cards on global marketplaces and also the appearance of regional independent fraud markets offering Brazil-specific data and cards.
The Brazilian data leaks, popular on clear net paste sites, include email and password combinations, personal and financial information, and occasionally full databases from Brazilian-based sites or companies. While most of this fraud is unattributed and unsigned, We have seen a handful of users who are taking credit for their efforts. One of these groups, known as Hazards Hackers Brasil, recently dumped a series of what appear to be politically motivated stashes of data.
With comments like “No Corruption” and hashtags including #OlympicHacking, they have released names, credentials, CPFs (Cadastro de Pessoas Fisicas, similar to American Social Security Numbers), and even full databases of personal information from energy companies, consulting companies operating in Brazil, municipal governments, and civic associations. Hazard Hackers Brasil are not the only players in the game, but they are making a concerted effort to become well known for their work.
Due to the increasing commercial activity in Brazil leading into the upcoming Olympics later this summer in Rio de Janeiro, we expect to see a continued uptick in the presence of Brazilian stolen data, particularly involving credit card fraud.