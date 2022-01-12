News updated at 3:30 pm

The Lapsus$ group, which attacked the Ministry of Health, Claro, Correios, announced this morning that it had attacked the internet operations of Localiza, considered the largest car rental company in Latin America. The announcement was made at 02:43 today by the Telegram channel maintained by the group. Apparently the attack was made only against the services exposed on the web: in the message announcing the incident, the group added a description of the pornography site PornHub – an indication that visitors to the original Localiza address were being redirected to that other address.

At 3:25 pm, Localiza’s communications office sent this clarification note to CISO Advisor:

We identified a partial interruption in the operation of some of our systems in the early hours of 01/11, as a result of a cybersecurity incident involving the Company. The functioning of the systems is being restored. There is, to date, no evidence of access to databases, as well as the extraction or leakage of personal data.

There are already suspicions that there may have been access using a third-party credential and not the company’s – one of the possibilities is that this credential is from a service provider.

The company website presented DNS error messages. Even the Investor Relations content went offline, indicating that it is not third-party, being hosted on the same network as the site. Users of the company’s website indicated on Twitter that they had been redirected to the pornography site.

Message from the group announcing the attack on Localiza

Error screen when accessing the “About Us” page

On the group’s Telegram channel, several users are targeting large Brazilian retail companies, as well as credit protection services and state-owned companies.

Look this

Lapsus$ publishes sensitive data on the president and family

In 24 hours, hackers locate and invade 256 clouds

Prior to the merger with Localiza, the car rental company Unidas admitted to having suffered an invasion of its network on November 22, 2020. On the 3rd of the same month, the STJ had also suffered an invasion. At the time, Unidas admitted that the attack had damaged its operation.

At the time this news was published, at 9:00 am, the Localiza website was working partially responding with external frames but without content, indicating a possible lack of access to databases. Five hours later it was operating normally.

The group apparently specialized in attacking Portuguese-speaking organizations, mainly Brazilian ones. There are suspicions that one or more members are part of the same group that in November 2020 attacked the TSE.

Founded in 1973, Localiza is currently the largest car rental company in Brazil: after the merger with Unidas, it has around 11,600 thousand employees, 12 million customers, a fleet of 274,300 vehicles, 621 branches in 406 cities.