Theft of $140 Million from Brazilian Banks, Telegram Outages, and Other Cybersecurity Events

Brazilian Banks Lose $140 Million Due to Collusive Employee On July 7, one of the largest hacker attacks on the banking sector in the past year was reported. Cybercriminals stole approximately $140 million from six Brazilian financial institutions by using the credentials of a C&M Software employee. The incident occurred on June 30, when the attackers bribed João Nazareno Roque and gained access to the system using his credentials. According to police, he also relayed instructions to perform certain actions that ensured the attack’s success. Roque initially received $920 for his involvement. Later, following the attackers’ recommendations, he ran commands inside C&M’s infrastructure and earned an additional $1,850, according to reports. Roque attempted to conceal his activities by changing cell phones every 15 days. However, on July 3, he was detained in São Paulo. It is estimated that at least $30–40 million of the stolen funds were converted into crypto-assets. According to an investigation by on-chain detective ZachXBT, the attackers converted the funds into BTC, ETH, and USDT through Latin American OTC and crypto exchanges. Basketball Player Suspected of Cyber Extortion On July 9, news emerged of the detention of Russian professional basketball player Daniil Kasatkin. According to media reports, he was arrested on June 21 at Charles de Gaulle Airport in France, at the request of U.S. authorities. The athlete is accused of acting as a negotiator in a hacker network that used ransomware. Kasatkin remains in custody, and U.S. authorities are seeking his extradition to face charges. His lawyer has declared the athlete’s innocence. The name of the hacker group has not been disclosed. Between 2020 and 2022, the attackers reportedly carried out more than 900 attacks on various organizations, including two federal agencies. McDonald’s AI Bot Vulnerability Led to Leaked Employee Hiring Database According to Wired, researchers Ian Carroll and Sam Curry discovered critical vulnerabilities in the McHire system on June 9. The platform, which hires employees for McDonald’s, uses an AI bot named Olivia. Using simple passwords like ”123456,” the researchers gained access to the admin panel of the platform’s developer, Paradox.ai. It contained a database with 64 million records, including job seekers’ names, emails, and phone numbers. Since 2019, the platform had been accessible without two-factor authentication. Paradox.ai acknowledged the leak and stated that the account was not used by third parties other than the researchers themselves. The company promised to implement a bug bounty program to prevent similar incidents in the future. McDonald’s, for its part, said it fixed the vulnerability the day it was discovered. Carroll said he only found out about this ”appalling level of security” because he was interested in the decision to vet potential employees through an AI bot and a personality test. ”It seemed particularly dystopian to me compared to the normal hiring process, right? That’s what prompted me to dig deeper. I started applying for the job, and within 30 minutes we had full access to virtually every application form ever submitted to McDonald’s in recent years,” he emphasized in a comment to Wired. Bitcoin Depot Failed to Keep Track of 27,000 Customers’ Data Bitcoin Depot, an operator of a Bitcoin ATM network with more than 17,000 devices in the US, Canada, and Australia, has notified customers of a personal data leak. Suspicious activity on the network was first discovered on June 23, 2023, and the company’s internal investigation concluded in July 2024. U.S. law enforcement requested that public disclosure be delayed until their own investigation was completed. According to a letter sent to victims, the attackers obtained documents belonging to approximately 27,000 customers who had completed KYC procedures. The type of data leaked varies from person to person, but can include: Full name Phone number Driver’s license number Residential address Date of birth Email address No financial compensation or identity theft protection is being offered, as the risks are associated with cryptocurrency assets. Victims were instead advised to remain vigilant and monitor their bank statements.

Source: Coinpaper