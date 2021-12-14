Earlier this Monday (13), the Minister of Health, Marcelo Queiroga, announced a second attack, and the Institutional Security Office of the Presidency of the Republic (GSI/PR) confirmed, in a statement, that more than one body had been affected, without specifying how many. He also said that the Center for Prevention, Treatment and Response to Cyber ​​Incidents (CTIR Gov) issued a warning about the attack.

The alert, published on Saturday (11) and last updated this Monday afternoon, states that “some cases of intrusion have occurred with the use of legitimate administrator profiles, which does not require the attacker to take actions to escalate privileges. ”.

Health System suffers new hacker attack

PRF system not yet fully restored

In a statement, the PRF confirmed that the Electronic Information System (SEI) remains down and that “PRF’s technical teams are working uninterruptedly to restore their systems through back-ups, still requiring a period of 48 hours” (read the full text at the end of the article). The SEI is an existing system in federal agencies through which civil servants issue official information.

The CGU said it had its cloud service hit by an invasion around 5:40 pm on Friday. The agency said that it maintains a backup of all data and that, on Monday night, it had all services operational.

The IFPR, in turn, stated on Friday night that “the IFPR cloud environment has suffered a major attack today [sexta] around 6pm”. On Saturday, the institute’s Information and Communication Technology Directorate stated that “AWS managed to recover most of the files during the night, now it’s the manual job of rebuilding the entire environment,” and that the attack only affected internal data. On Monday, the institution said that the service was already close to normalization.

Agencies use cloud service contracted via Embratel

In common, the agencies attacked last Friday use the same cloud computing service. He was hired on an electronic auction in 2018 by the then Ministry of Planning. The winner was Primesys, a subsidiary of Embratel.

Wanted by TV Globo, Embratel stated that each agency is responsible for managing the cloud environment, and that it acts only as an “Infrastructure as a Service broker” (IaaS). In other words, the company plays the role of mediator between the public agency and the private service offered, in this case, by AWS, the number service provided by the American company Amazon. Also according to Embratel, “the public notice and the price registration minutes did not include data security services provided by our company”. The company stated, even though “due to contractual reasons” does not comment on issues related to customers and that it is “supporting government agencies in their technical needs”.

The hiring came to a standstill for months after an appeal by competing companies on the floor, which was later rejected by the ministry. The total contract value for the first 30 months was nearly R$30 million, and included cloud computing services, specialized technical services and training.

After the contract came into effect, federal agencies were able to contract the service by adhering to the Price Registration Act.

In the case of the CGU, for example, adhesion was made in December 2019, for an initial period of 30 months, which may be extended for up to 60 months. The total amount for the first 30 months is R$2.4 million.

Full text of the Federal Highway Police note:

“Last Friday (10), the PRF was the target of a security incident in one of its databases, which caused the unavailability of some systems, including the SEI.

No data leak was identified.

From the moment the incident was identified, it was immediately blocked. Teams of PRF technicians are working around the clock to restore their systems through back-ups, still requiring a period of 48 hours.

The case is being investigated by the Federal Police and monitored by the Institutional Security Office (GSI).”

Full note of the Federal Institute of Paraná: