The cybersecurity agency VECERT Analyst reported on March 17 a data leak at QuoVadis Venezuela, attributed to the attacker ‘malconguerra2’. This threat actor is already held responsible for the breaches at Cashea and BT Journey, adding to the latest wave of incidents that has affected other platforms in the country, such as Yummy Rides and Rapikom, in less than a month.
According to the VECERT team, the new breach at QuoVadis exposed more than 43,000 records, including data from 23,362 customers.
According to the report, the leaked files contain digital copies of passports and identity cards, credit card details, full payment history, travel records and information on affiliated agents. The volume of leaked information exceeds 100 megabytes (MB), VECERT explained.
Combining identity documents with full financial data is especially sensitive. This kind of information enables bank fraud, identity theft and attacks such as targeted phishing, a practice in which an attacker imitates a legitimate communication from a company to obtain people’s private data and thereby compromise bank accounts and cryptocurrency wallets, among others.
At the time of this writing, QuoVadis has not made an official statement explaining what happened. The company, based in Caracas, Venezuela, focuses on personalized service, flights, packages, travel and national tourism.
The same actor, three victims in a single month
The attack on QuoVadis is not an isolated incident. As CriptoNoticias explained, “malconguerra2” is the same actor that VECERT held responsible for the leak at BT Journey Venezuela, reported March 16.
In that incident, the breach affected more than 56,000 customers and exposed 1 gigabyte (GB) of sensitive information, including passports, IDs, credit cards and 36,614 travel records. Previously, on February 21, the same attacker was blamed for the Cashea leak, in which it compromised a 46.5 GB database with more than 79 million transactional records.
At the time, the digital credit platform confirmed the event, although it ruled out that user passwords or accounts had been compromised. This series of incidents, three in less than a month and two against the tourism sector in just 24 hours, represents what VECERT describes as a ‘campaign directed against the country’s tourism infrastructure.’
The cryptocurrency analyst known on X as Cisco rated “malconguerra2” as “the most prolific cyber attacker in Venezuelan digital history” and warned that “this is far from over.” In his post he also pointed out the absence of an official response: “I wonder if some authority will say something or we will all pretend like nothing is happening.”
There are already 5 applications compromised in Venezuela
On March 8 and 9, the Venezuelan digital ecosystem recorded the Yummy Rides and Rapikom leaks, this time attributed by VECERT to a different actor identified as “GordonFreeman.”
The Rapikom breach exposed 5,000 records including passwords, payment methods, tax information and contacts of affiliated companies. For its part, the Yummy leak consisted of the publication of 30,000 images associated with the identification of the drivers registered on the platform.
Unlike financial data, exposing photos and names of drivers represents a physical safety risk to those affected.
Likewise, a sixth incident could be added in Venezuela, one that occurred at the beginning of January. Kontigo, a Venezuelan financial services platform with digital assets, suffered on January 5 a drain of over USD 300,000 in USDC. However, the next day the company gave assurances that it had returned the funds to the affected users.
Taken together, the leaks attributed to “malconguerra2” at Cashea, BT Journey and QuoVadis add up to more than 47 GB of data. BT Journey and QuoVadis have more than 79,000 customers with exposed credit card data, although the sources do not specify how many records include that particular data. Regarding the Yummy Rides and Rapikom leaks, attributed to “GordonFreeman”, VECERT did not detail the volume in gigabytes.
Given the accumulation of incidents, the pattern suggests two specific needs. On the business side, companies need to strengthen the security architecture with which they store their customers’ sensitive data. On the user side, people need to evaluate which platforms they share financial and identity information with, given that once leaked, this data cannot be recovered.

