The group of hackers identified as Lapsus$, which attacked the Health Ministry and 23 other government agencies last Friday, said via Telegram that it has access to and control of an unspecified number of Brazilian government cloud installations in Amazon Web Services (AWS), which totals four terabytes of data.
According to the group, the breach also included privileged access to the ministry’s vCenter Server, a centralized management utility used to oversee all hosts and virtual machines of a data center from a single console.
This would have given the group “an opening” to access the 4 TB of data from SisReg, the ministry’s web system that regulates the entire national health system — including the distribution of health resources.
Authorities had to turn off the network “after government technicians detected an attempt by hackers to access the folder’s website,” but said the servers managed to escape greater damage, with the attacks not causing any loss of data. In Lapsus$’s message, however, the group affirmed they did not only access the systems, but also deleted several backups and seized all the data for a ransom.