Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions
The bank did not provide further details of the attack, but said in a statement that it ordered C&M to shut down financial institutions' access to the infrastructure it operates.
C&M Software commercial director Kamal Zogheib said the company was a direct victim of the cyberattack, which involved the fraudulent use of client credentials in an attempt to access its systems and services.
C&M said critical systems remain intact and fully operational, adding that all security protocol measures had been implemented. The company is cooperating with the central bank and the Sao Paulo state police in the ongoing investigation, added Zogheib.
Brazilian financial institution BMP told Reuters that it and five other institutions experienced unauthorized access to their reserve accounts during the attack, which took place on Monday.
BMP said the affected accounts are held directly at the central bank and used exclusively for interbank settlement, with no impact on client accounts or internal balances.
BMP added it has taken all necessary operational and legal steps and holds sufficient collateral "to fully cover the impacted amount, without any harm to its operations or business partners."
An official familiar with the ongoing investigation, who spoke on condition of anonymity, said C&M provides services to around two dozen small financial institutions, and the amounts involved in the attack do not reach into the billions of reais.
Another source said there were no losses suffered by clients.
The central bank has used the term "financial institutions lacking their own connectivity infrastructure" to refer to digital payment institutions, which have grown rapidly in Latin America's largest economy, boosted by innovations driving competition in the sector.
For instance, the Pix instant payment system, developed and operated by the central bank, was launched in late 2020 and has become the most widely used payment method in the country.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNA
7 hours ago
- CNA
SAF and MINDEF units part of Singapore's response to ongoing cyberattack: Chan Chun Sing
SINGAPORE: Units in the Singapore Armed Forces (SAF) and Ministry of Defence (MINDEF) have been responding to the ongoing cyberattack by an alleged China-linked threat actor on Singapore's critical infrastructure, said Minister for Defence Chan Chun Sing on Saturday (Jul 19). These select units will work with the Cyber Security Agency of Singapore (CSA) in a whole-of-government effort to manage the incident, he added. Coordinating Minister for National Security K Shanmugam first revealed on Friday that Singapore was actively dealing with the "highly sophisticated' UNC3886 group, which he said posed a serious danger to Singapore and could undermine national security. UNC3886 has been described by Google-owned cybersecurity firm Mandiant as a "China-nexus espionage group" that has targeted prominent strategic organisations on a global scale. On Saturday, Mr Chan was one of three Cabinet ministers to address the attack. Minister for Digital Development and Information Josephine Teo said in a Facebook post that Singaporeans should be aware about the ongoing cyberspace threats the country faces, and that there was "never a perfect time" to disclose such incidents. "We always have to strike a fine balance between maintaining operational security and raising public awareness, especially while live operations are ongoing," she added. "Imagine if threat actors succeeded in taking down any of our critical systems, such as water, power or telco networks. The knock-on effects could be devastating." On the sidelines of a community event in Chong Pang on Saturday, Mr Shanmugam was also asked why the Singapore government decided to name the attackers. He said Singaporeans ought to know where the attack was coming from, and that attackers have been named in the past. "The number of incidents we disclose are far smaller than the actual number of attacks, and we don't disclose because of national security or public interest reasons," he added. "This time round, our assessment was that we can disclose those details. I released very little, very few details ... we have confidence as to who the attacker was. So we thought that that is appropriate to disclose." When asked about UNC3886's alleged links to China and possible retaliation for naming them, Mr Shanmugam, who is also Home Affairs Minister, said this was "speculative". "Who they are linked to and how they operate is not something I want to go into," he said. CHINESE EMBASSY RESPONDS On Saturday, the Chinese embassy in Singapore noted that Singapore media outlets had cited "so-called information from a certain country's cybersecurity company" and claimed UNC3886's link to China. The Chinese government expresses "strong dissatisfaction" over the claim and opposes any "groundless smears and accusations", the embassy said in a statement. "The embassy would like to reiterate that China is firmly against and cracks down (on) all forms of cyberattacks in accordance with law. China does not encourage, support or condone hacking activities," it added. "Keeping the cyberspace safe is a global challenge and China stands ready to work with Singapore and the rest of the world to jointly protect cybersecurity." OPERATIONAL READINESS Mr Chan on Saturday described the cyberattacks as an example of the type of emerging threats that the SAF and MINDEF have had to handle. Speaking to journalists during a visit to Selarang Camp, Mr Chan also addressed the importance of readiness among operationally ready national servicemen (NSmen). Countries can buy machines if they have money, but the "most critical" component of Singapore's defence is the "fighting spirit" of its men, he said. "To see the men being prepared, spend time and effort to maintain their fitness, to maintain their operational currency - that to us is the greatest deterrence that we can have," said the Defence Minister. He pointed to new operational challenges, including the conflicts in Europe and the Middle East, that Singapore is learning lessons from. "Many of these things we would have anticipated prior, and we will be ready. We can't be starting our preparations after we see what people do," said Mr Chan.
CNA
a day ago
- CNA
Adam Peckman and Ken Soh on cybersecurity threats
Coordinating Minister for National Security and Home Affairs Minister K Shanmugam says Singapore is under cyber attack. The sophisticated group behind the attack is known as UNC3886. In light of the current attack, Mr Shanmugam has called for Singapore to strengthen its cyber defences, adding that authorities will be updating the Cybersecurity Act to get more powers in order to deal with such threats. Adam Peckman, global head of cyber consulting and head of cyber solutions in Asia Pacific at Aon, and Ken Soh, Chair of SGTech's Cyber Security Chapter, discuss the foreign cyber threats that Singapore is facing and how businesses and individuals can safeguard against them.
CNA
2 days ago
- CNA
South Korea's top court upholds acquittal of Samsung boss in fraud case
SEOUL: South Korea's highest court on Thursday (Jul 17) upheld the acquittal of Samsung Electronics chief Lee Jae-yong after he was cleared of a slew of charges linked to a controversial merger, ending a years-long legal drama at the tech titan. Prosecutors claimed the deal was designed to seal control of the company for Lee, at a cost to shareholders, accusing the 57-year-old of stock price rigging, breach of trust and accounting fraud. He was originally cleared of the charges at a trial late last year, and that was upheld by an appeal court in February, a decision that was challenged by prosecutors. However, the Supreme Court upheld the original decision on Thursday, bringing an end to the saga. "All appeals were dismissed and the lower court's rulings were upheld," court documents seen by AFP said. The charges related to the 2015 merger between Samsung C&T - a construction and engineering firm - and Cheil Industries. Lee did not appear at the court, but Samsung's legal team welcomed the ruling, saying it "clearly affirms the legality of the merger between Samsung C&T and the accounting practices of Samsung Biologics". "We express our sincere gratitude to the court for its wise and thorough judgement after five years of careful deliberation," they added. Lee was jailed for 18 months in a separate fraud and embezzlement case following a sweeping investigation that also brought down former president Park Geun-hye in 2017. Lee, current executive chairman of Samsung Electronics, the crown jewel of South Korea's sprawling Samsung group, was released on parole in August 2021, having served half his sentence. He received a presidential pardon the following year, then returned to management shortly afterwards, and was officially named executive chairman in October 2022. With the acquittal, experts say Lee is now in a position to take on a more visible leadership role at South Korea's largest conglomerate. "Chairman Lee is likely to resume a more public role, with his leadership becoming more visible through overseas trips, investment announcements and participation in major events," Kim Dae-jong, a professor at Sejong University, told AFP.
