CYBER INTELLIGENCE ALERT: ALLEGED SALE OF ACCESS TO BRAZILIAN FINTECH (US$70M+ REVENUE) 🇧🇷 💸
[STATUS: UNCONFIRMED / THREAT ACTIVITY / SALE OF ILLICIT ACCESS]
An offer has been detected on specialized forums from the threat actor "romanticist," who claims to be selling privileged access to a Brazil-based financial technology (Fintech) company with reported revenues exceeding US$70 million.
Threat Actor: romanticist
Sector: Fintech/Infratech/BaaS (Brazil)
Assets and Access 📂
The attacker claims to have gained access to the following critical systems through looting techniques (not infostealers):
Infrastructure: Top-level administrator account in the organization's GitHub repository, MSSQL access (SA account), S3 MinIO server, and Grafana dashboard.
Web Environment: Primary WordPress domain and access to the Regcheq API.
Sensitive Data: Production environment database dumps, including banking information for 590 clients, as well as the company's own bank account information.
Other: Access to S3 buckets and a Twilio account.
Security Considerations ⚠️
Severity of Compromise: Access to an MSSQL SA (System Administrator) account and administrator-level access to the organization's GitHub repository allows for complete control over the development lifecycle and production data, which poses a critical threat to the organization's financial integrity.
Strategic Monitoring Tools Intelligence Platform:
https://t.co/wk9bZJ2Nli
Security Verification:
https://t.co/5LuqwzYuS6
#CyberSecurity #Brazil #Fintech #DataBreach #Looting #ThreatIntelligence #VECERT #UnderInvestigation