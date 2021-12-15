The problem in ConnectSUS occurred after several government agencies were targeted by hackers. The first attack took place on Friday (10). In the case of the Ministry of Health, there was at least one new attempt with an impact on the internal network between Sunday (12) and Monday (13).

The initial attack on the Ministry of Health mainly affected access to proof of vaccination. However, the system for notifying cases of the disease was also impaired, hampering the release of daily reports on the impact of Covid-19 in Brazil.

The executive secretary of the Ministry of Health, Rodrigo Moreira da Cruz, admitted that the invasion left several systems in the folder unstable, including the management of the transplant queue. However, most were reinstated hours after the crime, unlike the vaccination certificates.

ConnectSUS application is hacked and fails to show data on vaccination

Backup, Ransomware and Rescue

One of the first doubts about the consequences of the action was whether the 50Tb of data had been lost or hijacked: considering information released by the Federal Police (PF), it was possible to infer that this was not a ransomware attack, in which cybercriminals scrambled the information and block access seeking payment of a ransom.

Soon after the invasion, the government claimed that it had backed up the data and also failed to point out any negotiations with hackers to restore the information. But it was only on Sunday that he announced that the process for recovering records of those vaccinated against Covid-19 was completed without loss of information.

Attack affects ‘vaccination passport’

Because of the attack, the federal government even suspended the need for proof of immunization for travelers arriving in Brazil by air and, in case of absence of the document, the requirement of 5 days of quarantine. The measures, which would take effect on Saturday (11), would only take effect on December 18th.

However, on Saturday, the Minister of the Federal Supreme Court (STF), Luís Roberto Barroso, determined that proof of vaccination was mandatory for travelers arriving in the country, despite the impossibility of issuing an immunization passport.

The failure affects the routine of Brazilians across the country: proof of vaccination is required in more than 240 Brazilian cities to access some public and private spaces, according to a survey by the National Confederation of Municipalities (CNM). The alternative was to use paper proof or state systems.

Investigations and suspect group

The “Lapsus$ Group” claimed responsibility for the cyber attack. The group that claims the attack is relatively new: in internet forums, it had already announced the invasion of the systems of electronic games giant Electronic Arts (EA), responsible for successes such as FIFA, The Sims and Battlefield franchises.

The Federal Police reported that the attack on the systems was carried out in the Amazon Web Services (AWS) public cloud environment, a virtual space used by the folder’s website.

The PF opened an inquiry to investigate “crimes of invasion of a computer device, interruption or disruption of computer, telematic or information services of public utility and criminal association”.

The Office of Institutional Security (GSI) of the Presidency of the Republic is investigating whether the hacker group had access to the cloud of providers through the login and password of a government official, according to a report in the newspaper “O Globo”.

There was no disclosure of further details or identifying information about the suspects.