Hackers target Portugal’s Impresa group, taking major sites down

The websites of one of Portugal’s most prestigious newspapers and of a leading television broadcaster – both owned by the country’s largest media conglomerate Impresa – were brought down on Monday after being hit by hackers over the holiday weekend.

Expresso newspaper and SIC noticias have said they will be filing complaints and have reported the incidents to both the PJ (criminal police) and CNCS (the national cybersecurity centre).

The alleged hackers, calling themselves Lapsus$ Group, published a message on the websites saying that internal data would be leaked if Imprensa failed to pay a ransom.

The message included email and Telegram contact information.

Lapsus$ also sent a phishing email to Expresso subscribers, tweeted from the paper’s verified Twitter account, and claims to have gained access to Imprensa’s Amazon Web Services account.

Lapsus$ has history: it is understood to be the same group that hacked into Brazil’s health ministry website last month, taking several systems down, including one with information about the national vaccination programme, and another used to issue digital vaccination certificates (which were subsequently delayed). It also hit a US games giant, Electronic Arts, last May.

CNCS’s coordinator Lino Santos has told Observador online that this is the first time Lapsus$ has attacked in Portugal.

For the time being, the targeted sites remain offline, with the message that they are “temporarily unavailable” and will be returning “as soon as possible”.

Both media organisations are publishing news on their social media channels.

They have described the hack as “an unprecedented attack on press freedom in the digital age”.

But the reality is that this is very likely to be the pattern of things to come.

According to experts working for cybersecurity company Kaspersky, ‘advanced persistent threats’ or APTs are the consequences of ‘growing politicisation’ of cyberspace.

They predict a return of ‘low level attacks’ during 2022, the appearance of new APT players and a “growth of attacks to supply chains”.

According to Rádio Renascença, investigators believe mobile devices will be exposed to more sophisticated attacks and “cyber criminals will continue to use unprotected employees’ home computers as a way to access company networks. There will be the use of social engineering to steal credentials, and force attacks on business services to gain access to poorly protected servers”.

As to sums paid out to Lapsus$, nothing is clear. Certainly the US attack rendered them nothing, but it may be they were paid to release their hold on the Brazilian health ministry sites.

Says RR, Brazilian meat company, JBS, admitted last summer to having paid a group of hackers 11 million dollars.

[email protected]