The most important massive cyberattacks in 2022
October 12, 2022
1. Leaks of the Joint Chiefs of Staff (September 2022).
On September 19, the hacker group Guacamaya leaked approximately 400,000 emails from the Joint Chiefs of Staff (EMCO), the body in charge of advising the Ministry of Defense on various national security matters.
This involved the leak of a series of files containing minutes, confidential reports and military intelligence documents from 2012 and 2022. Particularly noteworthy are emails containing data on cybersecurity strategies adopted by the Armed Forces, the plan for satellite monitoring of communications at the country’s borders (detailing the mechanisms used to intercept communications), and reports on the situation in the far north and in La Araucanía.
The seriousness of this incident lies in the fact that almost all the information disclosed by the group of hackers is classified as reserved, secret or top secret because of the national security matters it deals with.
Ongoing investigations indicate that part of this vulnerability reportedly originated in deficient information backup control policies: personnel reportedly used their own storage services (such as Google or Dropbox), which would create a channel for information leakage.
2. Hacking of the Judicial Branch (September 2022).
On September 26, the Judiciary announced that it had been warned of the presence of ransomware in its network, which was causing serious problems in the affected systems. 150 computers were affected, equivalent to 1% of those of the Judicial Branch in the country.
As reported, the cyber-attack affected devices running the combination of Windows 7 and McAfee antivirus. This resulted in the suspension of hearings and a ban on officials attaching files to this government agency's emails.
On September 29 it was reported that the Judiciary had been attacked again, this time damaging Windows 10 computers. In addition to the initially affected computers, the corporation indicated that the number of infected devices had increased to 700.
For the time being, no information leakage has been reported, so the measures taken have had positive effects in terms of containing the incident.
3. Sernac malware (August 2022).
On August 25, the computer services of the National Consumer Service (Sernac) were affected by a cyber-attack that compromised the consumer service platform.
The attack involved newly developed ransomware, with no reports of previous use. It reportedly encrypted the institution’s files and databases, with the key held by the attacker.
Twelve days after the incident was reported to the public, Sernac reported that its systems had been normalized and that no data leaks had been detected. The Public Prosecutor’s Office and the Investigation Police are still investigating.
4. Cencosud (September 2021).
The National Directorate for the Protection of Personal Data (DNPDP) of Argentina ordered a fine of ARS$290,000 against Cencosud for failing to take the preventive technical and organizational measures needed to guarantee the duty of security, for failing to take the necessary corrective measures, and for not informing its clients that they could be victims of personal data leaks on either of the two occasions.
In this case, Cencosud was the victim of malware that slightly affected its infrastructure in that country and led to a leak of customer and credit card information. After the DNPDP asked the company to investigate the facts, it determined that the company’s response was insufficient and that it had not complied with its legal obligations.