The National Cybersecurity Center (CNCS) rules out links between a “data leak from the Tax Authority (AT) that has been publicly mentioned” and the attack directed at the Administrative Modernization Agency (AMA). However, it does not explain the origin of this data leak, when it was compromised or how long it has been circulating.
“With respect to a filtration of the Tax Authority (AT), which has been mentioned publicly, has no relation to the incident that affects the infrastructure of the AMA,” states the CNCS in a statement released this Tuesday.
The messages reached the Observer via WhatsApp, whose original sender is unknown, with a warning of “a brutal filtration information of the Ministry of Finance with NIF [número de identificação fiscal] and respective passwords”, you can read. The message, accompanied by a link to a web page, requests a search using the respective NIF. If detected in the available list, it was requested to change the password to access the Finance Portal “as soon as possible.”
“The leak in question, made up of groups of exposed credentials, is the result of criminal activity that uses information thieves and similar instruments,” explains the CNCS. You information thieves, either thievesThey are a type of malicious code (malware) developed to surreptitiously collect confidential data from a system, explains the center.
The press release also mentions that “the publication of this type of leaks It is something that happens with some regularity.”
Administrative Modernization Agency target of cyber attack. Services such as the Digital Mobile Key affected
It is explained that the Tax Authority, “when it is aware of groups of exposed credentials, its procedure is to force the renewal of the credentials of the target users.”
The CNCS states that, in relation to the incident against the AMA infrastructure, “the process of forensic analysis and resolution of this incident is progressing at a good pace” and that “palliative and reinforcement measures were implemented, which guarantee adequate security in the restoration of affected services.”
The incident with the AMA became public on October 10.
Source: Observadora
