More Data Leaks as part of OpOlympicHacking

More Data Leaks as part of OpOlympicHacking
Digital Shadows Analyst Team
Read More From Digital Shadows Analyst Team
July 28, 2016 | 2 Min Read

In our recent research, we demonstrated eight cybersecurity considerations around Rio 2016. The paper lays out hacktivism and cybercrime threats that organizations can expect to see throughout the competition. Since we published the paper, we’ve observed further activity as part of OpOlympicHacking.

Last week, a post was added to Pastebin, which included entries from a database table alleged to have been breached from the website of a consulting firm based in Sao Paolo, Brazil that specializes in international trade, government affairs and investment projects.

The post also contained a link to a Twitter account associated with the hacktivist campaign OpOlympicHacking, though there was no announcement on this account that the company had been targeted.

The exposed data appeared to consist of eight sets of usernames and corresponding clear text passwords. Online searches did not indicate that the data had been posted to publicly available sources prior to the post being made. While we could not confirm whether the credentials alleged to have been stolen from this website were genuine, some of the emails appeared to be legitimate due to some of them appearing on the respective company websites and social media profiles.

The source of the data or how it was acquired was not confirmed; however, if a compromise did take place, we assess there to be a realistic possibility it was obtained as a result of an SQL injection attack. This is based on the appearance of database table names in the Pastebin post and the frequent use of SQL injection tools by hacktivist actors. The targeting of this organization was assessed as consistent with previous activity associated with this campaign.

This is not a new tactic. Back in February, as part of OpOlympicHacking, we detected claims of successful data leakage, in one instance against a multinational energy corporation that has been embroiled in multiple corruption scandals in Brazil, as well as claims of successful distributed denial of service attacks. This appears to be a continuation of this trend and, with under a week to go until the opening ceremony, hit is highly likely that further targeting as part of this campaign will be conducted in the near future.

Related Posts

3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
BitBazaar Market: Deception and Manipulation on the Dark Web

BitBazaar Market: Deception and Manipulation on the Dark Web

May 12, 2020 | 8 Min Read

It's a BitBazaar that they thought they...