Open Nav
Sign Up

Brazilian Hackers Breach Large Cellular Services Company

brazilian hackers attack cellular company

OP Innovate

May 7, 2024

A major US-based cellular service company recently fell victim to a cyber attack orchestrated by Brazilian hackers. The incident highlights the importance of robust cybersecurity measures and the potential consequences of failing to secure sensitive data.

The Attack

The breach occurred when attackers gained access to the company’s AWS S3 buckets, which were meant to be accessible by authorized personnel only. This breach occurred because the credentials used to access these buckets, provided by AWS’s Security Token Service (STS), did not have an expiration date set.

The compromised account, which belonged to a Canadian supplier, granted the attackers unrestricted access to all S3 assets. They swiftly downloaded all objects from the buckets and then attempted to delete them entirely from the bucket. To make matters worse, the attackers also managed to obtain the AWS Secrets, further compromising the security of the company’s data.

Ransom Demands

After the breach, the attackers contacted the company’s CISO and CEO via LinkedIn, demanding a ransom payment of $50,000. They sent emails and a video in Portuguese to pressure the company into paying the ransom.

Investigations revealed that the IP addresses used to access the S3 buckets originated from Brazil. The attack resulted in the leak of 1TB of customer data, and while the company claims that the data was non-sensitive, things could have turned out very differently.

Security Lapses

Further investigation uncovered that the compromised credentials were found in various locations, including email, Google Drive, and an on-premises GitHub repository. The company also lacked proper backup of assets in the online bucket, making it impossible to revert the changes made by the attackers.

To make matters worse, the company had insufficient access logs, hindering the investigation process and making it difficult to determine the full extent of the breach.

Lessons Learned

This incident serves as a stark reminder of the importance of implementing robust cybersecurity measures. Companies should ensure that:

1. AWS S3 buckets are properly secured and access is limited to authorized personnel only.

2. Credentials have appropriate expiration dates and are managed using AWS STS.

3. Recertification of personnel with access to assets is conducted at least twice a year, and more frequently for highly sensitive assets, to verify the continued necessity of their access privileges.

4. Sensitive information, such as credentials, is not stored in unsecured locations like emails, cloud drives, or code repositories.

5. Regular backups are maintained to enable quick recovery in the event of a breach.

6. Comprehensive access logging is implemented to facilitate thorough investigations.

By addressing these security lapses and adopting best practices, companies can significantly reduce the risk of falling victim to similar attacks in the future.In this case, regular penetration testing would have easily identified these security flaws, allowing the company to address them proactively and prevent the breach from occurring in the first place.

Resources highlights

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business

Cisco Unified CM Vulnerability CVE-2026-20230 Targeted After Public PoC Disclosure 

Cisco has disclosed and patched CVE-2026-20230, a critical SSRF vulnerability affecting Cisco Unified Communications Manager and Unified CM SME when the WebDialer service is enabled.…

Read more >

CVE-2026-20230

Microsoft Confirms Unpatched RoguePlanet Defender Zero-Day (CVE-2026-50656)

Microsoft has confirmed a new Microsoft Defender zero-day vulnerability tracked as CVE-2026-50656 and publicly referred to as RoguePlanet. The flaw affects the Microsoft Malware Protection…

Read more >

RoguePlanet_cve-2026-50656

FortiBleed Campaign Exposes Fortinet Firewall and VPN Credentials at Scale

A large-scale credential abuse campaign dubbed FortiBleed has reportedly affected tens of thousands of Fortinet firewall and VPN devices worldwide. Public reporting indicates that threat…

Read more >

fortibleed

Fortinet FortiSandbox Under Active Attack (CVE-2026-39813 & Others)

Threat actors are actively exploiting multiple critical vulnerabilities affecting Fortinet FortiSandbox. The reported activity involves three unauthenticated vulnerabilities: CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. These flaws are…

Read more >

cve-2026-39813

Critical Wazuh Manager Vulnerability Enables Alert Tampering and Security Evidence Deletion

A critical vulnerability has been disclosed in Wazuh Manager that could allow attackers to tamper with security data, delete alerts, and manipulate forensic evidence stored…

Read more >

wazuh manager vulnerability
Under Cyber Attack?

Fill out the form and we will contact you immediately.