
Cyber Incident Victim: Superior Tribunal de Justiça

Date: Sep 2024

Location: Brazil

Summary

The Brazilian Superior Court of Justice experienced a significant escalation in cyberattacks following its decision to block access to a major social media platform. This action coincided with an eightfold nationwide increase in hacking incidents, reflecting broader retaliatory activities by threat actors targeting Brazilian digital infrastructure. The surge highlights heightened vulnerabilities and operational disruptions linked to geopolitical tensions surrounding platform restrictions.


Description

On September 1, 2024, the Superior Court of Justice (STJ) of Brazil was hit by a ransomware attack during a critical period when judgment sessions were being conducted by video conference. The attack took the court's website offline for an extended period and disrupted access to essential public records and news.

The ransomware attack on the STJ is part of a broader trend of increasing cyberattacks in Brazil, with the country experiencing an eightfold rise in such incidents since the blocking of the messaging app 'X' in July 2024. This surge in cyberattacks has been documented by Juliet Manfrin, who reported on the alarming increase in these malicious activities.

The STJ attack was not an isolated incident, as it was part of a larger ransomware campaign targeting Brazilian government systems. This campaign was orchestrated by a cyber-gang calling themselves 'Fog,' who left a ransom note demanding $1.2 million to decrypt the files they had encrypted. The attackers managed to exfiltrate at least 28 gigabytes of data, which they sent to two external servers in the United States. This data breach triggered legal cooperation between U.S. and Brazilian authorities, who are jointly investigating the incident.

The Brazilian Ministry of Justice formally requested U.S. assistance to access data stored on four virtual machines linked to the origin of the attack, which could potentially reveal the identities of the perpetrators. The investigation is ongoing, and the Brazilian Federal Police declined to comment due to the sensitive nature of the case. It remains unclear whether Brazilian authorities paid the ransom to retrieve the stolen files, as the communications between officials and the ransomware group do not indicate any payment.

The cyber-gang 'Fog' demonstrated a level of sophistication in their attack, as they were able to breach the systems of nine Brazilian ministries and two agencies. In a private chat, a person apparently affiliated with one of the targeted government bodies responded to the attackers, and the gang promised to provide details soon. This incident highlights the challenges faced by governments and organizations in protecting their digital infrastructure against determined and well-organized cybercriminals.

The investigation into the 'Fog' hacker group has revealed the difficulties in holding internet and hosting service providers accountable for illegal activities conducted through their platforms. While these providers are not directly responsible for content generated by third parties, they are expected to comply with legal and judicial orders and not engage in illegal activities themselves. The data preservation request in this case was made through the 24/7 Network of the Organization of American States, which facilitates international cooperation in cybercrime investigations.

However, De Camargo, a cybersecurity expert, pointed out the challenges in data preservation by foreign companies, citing legal differences between jurisdictions, sovereignty issues, and the need for international legal cooperation agreements. The Brazilian authorities consider this case highly sensitive, urgent, and requiring swift action, as evidenced by their email communications with U.S. counterparts.

The ransomware attack on the STJ also brings attention to Brazil's outdated legislation regarding cybercrime. If the perpetrators are identified, they will be tried under extortion laws passed in 1940, which are not equipped to handle the complexities of modern cyberattacks. Recognizing this gap, two Brazilian Congressional commissions are currently reviewing proposals to update the legislation and make it more effective in combating cybercrime.

The STJ attack is a Distributed Denial of Service (DDoS) operation, a type of cyberattack that aims to overwhelm a target's system with a flood of internet traffic, making it inaccessible to legitimate users. In this case, the STJ website was hit with 10 million simultaneous connections, causing it to go offline for approximately 48 hours. This attack occurred during the Carnival period, a time when many people in Brazil are on holiday, potentially maximizing the impact of the disruption.

The DDoS attack on the STJ is not an isolated incident, as it is part of a broader trend of cyberattacks targeting critical sectors in Brazil. While the malware used in this attack primarily targets ordinary users, some infections have been linked to critical sectors, with a focus on cryptocurrency-related data suggesting financial motives. This highlights the evolving nature of cyber threats and the need for robust cybersecurity measures across all sectors.

The ransomware attack on the STJ and other Brazilian government agencies has raised concerns about the security of the country's digital infrastructure. The attack's impact on the court's operations and the potential exposure of sensitive data have underscored the need for enhanced cybersecurity measures and international cooperation in combating cybercrime.

The STJ attack also highlights the challenges in attributing responsibility for cyberattacks, as the perpetrators often operate across borders and exploit legal loopholes. The involvement of the Organization of American States in facilitating data preservation requests demonstrates the importance of international cooperation in addressing these complex issues.

In conclusion, the Brazilian Superior Court of Justice cyber incident on September 1, 2024, is a significant event that sheds light on the growing threat of cyberattacks in Brazil and the challenges faced by authorities in responding to and preventing such incidents. The attack's impact on the court's operations, the potential exposure of sensitive data, and the ongoing investigation into the 'Fog' hacker group all underscore the need for comprehensive cybersecurity strategies and updated legislation to address the evolving nature of cyber threats.
