The cybersecurity agency VECERT Analyst reported on March 17 a data leak at QuoVadis Venezuela, attributed to the attacker ‘malconguerra2’. This threat actor is already held responsible for the breaches at Cashea and BT Journey, adding to the recent wave of incidents that has affected other platforms in the country, such as Yummy Rides and Rapikom, in less than 1 month.
According to the VECERT team, the new breach at QuoVadis exposed more than 43,000 records, including data from 23,362 customers.
According to the report, the leaked data contain digital copies of passports and identity cards, credit card details, full payment history, travel records and information on affiliated agents. The volume of leaked information exceeds 100 megabytes (MB), VECERT explained.
Combining identity documents with full financial data is especially sensitive. This type of information enables bank fraud, identity theft and attacks such as targeted phishing, a practice in which an attacker simulates a legitimate communication from a company to obtain people’s private data and thus compromise bank accounts and cryptocurrency wallets, among others.
At the time of this writing, QuoVadis has not made an official statement explaining what happened. This company, based in Caracas, Venezuela, focuses on personalized service, flights, packages, travel and national tourism.
The same actor, three victims in a single month
The attack on QuoVadis is not an isolated incident. As CriptoNoticias explained, “Malconguerra2” is the same actor that VECERT held responsible for the leak at BT Journey Venezuela, reported March 16.
In that incident, the breach affected more than 56,000 customers and exposed 1 gigabyte (GB) of sensitive information, including passports, IDs, credit cards and 36,614 travel records. Previously, on February 21, the same attacker was blamed for the Cashea leak, where it compromised a 46.5 GB database with more than 79 million transactional records.
At the time, the digital credit platform confirmed the event, although it ruled out that user passwords or accounts had been compromised. This series of incidents, three in less than a month and two against the tourism sector in just 24 hours, represents what VECERT describes as a ‘campaign directed against the country’s tourism infrastructure.’
The cryptocurrency analyst known on X as Cisco rated “malconguerra2” as “the most prolific cyber attacker in Venezuelan digital history” and warned that “this is far from over.” In his post he also pointed out the absence of an official response: “I wonder if some authority will say something or we will all pretend like nothing is happening.”
There are already 5 applications compromised in Venezuela
On March 8 and 9, the Venezuelan digital ecosystem recorded the Yummy Rides and Rapikom leaks, this time attributed by VECERT to a different actor identified as “GordonFreeman.”
The Rapikom breach exposed 5,000 records including passwords, payment methods, tax information and contacts of affiliated companies. For its part, the Yummy leak consisted of the publication of 30,000 images associated with the identity of the drivers registered on the platform.
Unlike financial data, exposing photos and names of drivers represents a physical safety risk to those affected.
Likewise, a sixth vulnerability could be added in Venezuela, one that occurred at the beginning of January. Kontigo, a Venezuelan financial services platform with digital assets, suffered on January 5 a drain of over USD 300,000 in USDC. However, the next day, they assured that the company returned the funds to the affected users.
Taken together, the leaks attributed to “malconguerra2” at Cashea, BT Journey and QuoVadis add up to more than 47 GB of data. BT Journey and QuoVadis have more than 79,000 customers with exposed credit card data, although the sources do not specify how many records include that particular data. Regarding the Yummy Rides and Rapikom leaks, attributed to “GordonFreeman”, VECERT did not detail the volume in gigabytes.
Given the accumulation of incidents, the pattern suggests two specific needs. On the business side, strengthen the security architecture with which they store their customers’ sensitive data. On the user side, evaluate which platforms they share financial and identity information with, given that once leaked, this data cannot be recovered.
