On June 30, Brazilian financial institutions experienced a severe cyber breach, leading to an electronic theft estimated at around 140 million US dollars, equivalent to 800 million Brazilian reais.
The operation was carried out by breaching the reserve account of those institutions through infrastructure provided by C&M, which connects the central bank to local banks. Authorities are working to recover the funds and identify those responsible for this serious breach.
The central bank immediately reacted by issuing a notice for a temporary suspension of C&M Software, the main provider of the affected technical infrastructure. After two days, the company was allowed to resume some of its operations under strict monitoring.
Meanwhile, the federal police in Brasília opened an extensive investigation led by the Cybercrime Division to look into the details of the electronic theft, track the financial trails of the stolen amounts, and prevent any potential money laundering activities that may follow.
Investigations indicate that between 30 and 40 million dollars of the stolen funds were converted into digital currencies, including Bitcoin, Ethereum, and Tether. Over-the-counter (OTC) trading platforms in Latin America were used for this purpose.
Investigators suspect that this operation may be linked to the PIX payment system of the central bank, raising additional concerns about the security of this vital system.
In a shocking development, a software employee at C&M named João Nazarino Roque admitted to selling sensitive credentials to one of the attackers for only 5,000 Brazilian reais.
Investigations revealed that communication between the attacker and Roque began in March, as the hacker demonstrated a deep understanding of the employee's work nature, and then paid him an additional amount of 10,000 reais to execute secret commands within the system that allowed the electronic theft to be successfully completed.
