In a significant cyberattack that has sent shockwaves through the Brazilian financial sector, C&M Software, a key provider connecting the country’s central bank with local banks, revealed on June 30 that hackers had stolen approximately 800 Brazilian reals (around US $140 million) from the reserve accounts of six financial institutions. This breach has prompted the Banco Central to suspend access to C&M Software’s services while authorities investigate the incident.
The attack, which has garnered major headlines in Brazil, led to the arrest of João Roque, a 48-year-old IT worker at C&M Software. Roque is alleged to have facilitated the breach by selling sensitive access credentials to cybercriminals for approximately US $2,700. His actions reportedly allowed hackers to gain unauthorized access to critical systems, enabling the significant financial theft reported by local media.
According to reports from São Paulo’s TV Globo, Roque claimed he was contacted by the attackers in March as he was leaving a bar. Following this, he received instructions through WhatsApp and coordinated payments via motorcycle courier. Despite the precarious nature of his dealings, Roque allegedly changed his mobile phone every fifteen days in an attempt to evade detection.
Authorities have indicated that the stolen funds were not from individual customers but rather from reserve accounts used for transactions between financial institutions. As a result, the general public is not expected to suffer direct consequences from the breach. In the wake of the attack, Brazilian authorities have frozen US $50 million connected to the illicit activities, and C&M Software has stated it is fully cooperating with the ongoing investigation.
This incident shines a light on the critical importance of security not just within organizations but also concerning their suppliers and the potential risks posed by employees. As investigations continue, the Brazilian financial community remains on high alert for any further security threats.