Date: 2021-12-10

The Ministry of Health suffered an alleged cyber attack in the early hours of Friday (10). Internet users who try to access the Ministry’s official website end up finding a page with the message: “The system’s internal data has been copied and deleted. 50 TB of data is (sic) in our hands.”

Traffic redirection has nothing to do with obtaining data from the systems; they would be different problems.

So far, there is no information on how the attack was carried out, and the message page is still online. As you can see, the problem is DNS hijacking: an attacker gains the ability to redirect traffic to an unauthorized page.

TechWorld contacted the Lapsus Group to investigate the alleged collection of 50 TB of data from the Ministry of Health. When we have more evidence, we will be able to confirm the information.

The access held by the Lapsus group, formed by Colombians and a Spaniard, allows control of the DNS (Domain Name System). During the night today (10), IT professionals discovered that the MX record had been modified – this means that any email sent to a saude.gov address would end up in the attackers’ hands.
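An added example, not part of the original article: a baseline check that flags the kind of MX or address-record change described above, so a redirect is noticed from the DNS side. The zone name, hosts, addresses and the sample answers (in `dig +noall +answer` layout) are all constructed.

```python
# Approved baseline for a hypothetical zone; every name and address is constructed.
BASELINE = {
    ("agency.example.", "NS"): {"ns1.agency.example.", "ns2.agency.example."},
    ("agency.example.", "MX"): {"mail1.agency.example.", "mail2.agency.example."},
    ("www.agency.example.", "A"): {"192.0.2.10"},
}

# Constructed resolver answers: name, TTL, class, type, rdata.
OBSERVED = """\
agency.example.      300 IN NS ns1.agency.example.
agency.example.      300 IN NS ns2.agency.example.
agency.example.      60  IN MX 10 mx.unknown.example.
www.agency.example.  60  IN A  203.0.113.77
"""

def parse_answers(text):
    """Group answer lines into {(owner name, record type): set of values}."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blank, short and comment lines
        name, _ttl, _cls, rtype = fields[:4]
        rdata = fields[4:]
        # For MX keep only the mail host; the preference number is not the target.
        value = rdata[-1] if rtype.upper() == "MX" else " ".join(rdata)
        records.setdefault((name.lower(), rtype.upper()), set()).add(value.lower())
    return records

def find_drift(baseline, observed):
    """Return (name, type, kind, value) for every difference from the baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        expected = baseline.get(key, set())
        seen = observed.get(key, set())
        findings += [(key[0], key[1], "unexpected", v) for v in sorted(seen - expected)]
        findings += [(key[0], key[1], "missing", v) for v in sorted(expected - seen)]
    return findings

def check(text=OBSERVED, baseline=BASELINE):
    return find_drift(baseline, parse_answers(text))

if __name__ == "__main__":
    for name, rtype, kind, value in check():
        print(f"ALERT {name} {rtype}: {kind} value {value}")
```

Run on a schedule against answers from more than one resolver, an unexpected MX or A value is the signal to check the registrar and DNS provider accounts before assuming anything about the systems behind the name.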


We are updating…