The Legal and Administrative Secretary of the portfolio, Ricardo Casal, requested the investigation of what would be a data leak.
The Ministry of Economy, led by Sergio Massa, filed a complaint with the courts over the possible hack reported this Wednesday by Clarín. It did so last night, through the Legal and Administrative Secretary of the Ministry of Economy, Ricardo Casal.
Yesterday a user uploaded a post claiming to have internal access to the Ministry’s systems, more specifically credentials “to various financial instruments and software”. The forum where the information was uploaded is the same one in which 15,000 internal records of the Buenos Aires Supreme Court were uploaded a month ago.
The threat actor that claims to be behind it is Everest, as computer security specialist Mauro Eldritch had told this outlet: “The threat actor claims to be from the Everest Ransom Team and first used Tox, a P2P chat also used by actors such as Lockbit”. Hours later, the group of cybercriminals uploaded an entry with the Ministry of Economy as the victim.
“Although our technical areas have not yet been able to detect illegitimate access to our databases or the theft of passwords or information, the truth is that the public offer made makes essential not only the exhaustive internal investigation that is underway, but also the promotion of the pertinent judicial investigation for the possible existence of crimes of public action that could directly affect the interests of the National State”, says the complaint signed by Ricardo Casal.
“The Ministry of Economy has multiple databases and computer systems that contain data related to public and private organizations and, in particular, linked to the different areas of government and also related to projected economic and financial policy decisions or in the course of execution”, warns the official.
“The possibility of making or attempting to make illegitimate use of them, whether through the dissemination or sale of sensitive data or even the theft, modification or total or partial suppression of the databases and/or computer systems has the potential not only to alter the effective development of the administrative functions of the area but also to influence foreign exchange, financial or investment markets”, he adds.
For these reasons, Casal requested the following “urgent proceedings”: “That the aforementioned publications of the social network Twitter and the platform where the data was uploaded be certified by the secretariat, reports be requested from the company, owner or person responsible for the platform so that it provides all the available data of the user identified as ‘Everest’”.
“That technical measures are available to determine previous or subsequent publications of the aforementioned user, links, contacts and possible identity and technical measures are available to identify equipment used for the creation or access to the referred account”, closes the legal document.
The request is in accordance with article 9 of the data protection law (25,326), which establishes that the person in charge or user of the data file must adopt the technical and organizational measures necessary to guarantee the security and confidentiality of personal data, in order to avoid its adulteration, loss, unauthorized consultation or processing.
In the event of a security breach, they must report it as a public entity.
During the night of this Wednesday, the group uploaded a post on its blog with the Ministry of Economy as a victim.
It is a group that has already attacked Argentina. “Everest Ransom Group is a ransomware actor with an outstanding track record, which has entered Argentina twice: the first in March this year, attacking INTA, with the disclosure of various agency databases and the second at the end of November 2021, when the group put up for sale privileged access to ‘several intranet sites and databases of the Argentine government’ for two hundred thousand dollars”, said the analyst.
However, specialists warn that it is a particular type of attacker: “It is not clear how Everest obtains the data published on its Tor site, but some previous leaks seem to have been composed of information that was already in the public domain or that had been previously exposed in other violations. It’s also unclear if the logins they claim to have for various governments are actually real and current, but I suspect in many cases they are not,” says Brett Callow, Threat Analyst at Emsisoft.
The forum is the same in which 15,000 internal records of the Buenos Aires Supreme Court were uploaded a month ago, an incident that the highest court of the Province of Buenos Aires acknowledged in a statement. So far, the Ministry of Economy has not issued public statements, only the complaint.
For now, however, neither the Ministry nor experts know whether the information uploaded is really what Everest says it is, since the only way to know is by looking at the allegedly stolen data set.
A new hack against the State
Cyberattacks and data leaks in state agencies have been a constant in recent years. In 2020, the National Directorate of Migration suffered a ransomware attack, a type of program that encrypts information to demand a ransom in cryptocurrencies in return. At that time, thousands of personal data of Argentine citizens and foreigners who entered the country were published.
Last year, data was extracted from the Renaper through unauthorized access and sold in the same forum for buying and selling personal data. And in January of this year, the Senate of the Nation suffered a ransomware attack that published sensitive data of workers in the Upper House, bills and even fingerprints of high-ranking officials.
The cases continued to multiply during 2022: the Conicet, the judiciary of the Province of Córdoba (which was paralyzed and unable to operate both judicially and operationally) and the Buenos Aires Legislature, two weeks ago.
Even Garrahan Hospital suffered a cyberattack in the middle of the year.
The truth is that it is not just a public administration problem: giants such as Mercado Libre and Globant were also attacked in March of this year. Months later, Osde, one of the largest prepaid health companies in the country, suffered a ransomware attack that involved the publication of sensitive data of its members, such as medical records, documents and emails.