[TheRecord] Lapsus$ ransomware gang hits SIC, Portugal’s largest TV channel

The Lapsus$ ransomware gang has hacked and is currently extorting Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively.

The attack has taken place over the New Year holiday and has hit the company’s online IT server infrastructure. Websites for the Impressa group, Expresso, and all the SIC TV channels are currently offline.

National airwave and cable TV broadcasts are operating normally, but the attack has taken down SIC’s internet streaming capabilities.

The Lapsus$ group took credit for the attack by defacing all of Impressa’s sites with a ransom note (pictured at the top of this article). Besides a ransom request, the message claims that the group has gained access to Impresa’s Amazon Web Services account.

Impresa staff appeared to have regained control over this account earlier today when all the sites were put into maintenance mode, but the attackers immediately tweeted from Expresso’s verified Twitter account to show that they still had access to company resources.

Image: The Record

The Impresa attack is one of the largest cybersecurity incidents in Portugal’s history. Impresa is, by far, the country’s largest media conglomerate.

According to September 2021 TV ratings, SIC and all its secondary channels dominate the TV market, while Expresso has the largest circulation numbers for weekly periodicals. Nonetheless, Impressa also owns many other media companies and magazines, all of which are currently most likely impacted by the attack as well.

Prior to the Impressa attack, the Lapsus$ group has also hacked and ransomed Brazil’s Ministry of Health, and Claro and Embratel, two South American telecommunication providers.

Members of the Lapsus$ group have not returned a request for comment sent via email. An Impresa spokesperson refused to comment on the attack.

This is the second ransom attack over the winter holiday that has hit a media conglomerate after the Ryuk gang hit Tribune Publishing, owner of the LA Times, in December 2018.

Despite warnings from US and German authorities, cyberattacks did not make too many waves during the recently passed winter holidays.

The post Lapsus$ ransomware gang hits SIC, Portugal’s largest TV channel appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] Tesco’s website restored after suspected cyberattack

All posts, ZDNet

Outage left customers frantically trying to cancel orders after turning to Tesco rivals for the week’s groceries. Source: Read More (Latest topics for ZDNet in Security)

Read More

Daily NCSC-FI news followup 2019-11-20

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems www.wired.com/story/iran-apt33-industrial-control-systems/ The recent shift away from IT networks raises the possibility that Irans APT33 is exploring physically disruptive cyberattacks on critical infrastructure. Ransomware Gangs Adopt APT Tactics in Targeted Attacks www.bleepingcomputer.com/news/security/ransomware-gangs-adopt-apt-tactics-in-targeted-attacks/ Ransomware operators are moving away from mass volume attacks and partnering with specialists who […]

Read More

[ThreatPost] Clop Raid: A Big Win in the War on Ransomware?

All posts, ThreatPost

Cops arrest six, seize cars and cash in splashy raid, and experts are applauding. Source: Read More (Threatpost)

Read More