The “forensic analysis and resolution” of the computer attack on the Agency for Administrative Modernization (AMA) that occurred on October 10th is proceeding “at a good pace”, guaranteed the National Cybersecurity Center (CNCS), according to ECO. Furthermore, given the circulation of rumours on social media about an alleged data leak from the Tax Authority (AT), the centre guarantees that this is “not related” to the cyberattack.
AMA acknowledged having been the target of a “computer attack” last Thursday, October 10, an incident that left several digital services unavailable, including the application that allows access to the digital version of the Citizen Card. In the third statement it has released about this situation, the CNCS says that “palliative and reinforcement measures were implemented to guarantee adequate security in the re-establishment of affected services”.
However, the statement also makes reference to another situation, namely “a leak” from the Tax Authority (AT) which, according to the CNCS, “has been mentioned publicly” and “is not related to the incident affecting the infrastructure from AMA.” According to ECO, the reference concerns information that has been circulating on social media which does not correspond to any incident involving AT.
According to the centre, “the leak in question made up of groups of exposed credentials, results from criminal activity using infostealers and similar instruments.” These programs “are a type of malicious code (malware) designed to surreptitiously collect sensitive data from a system,” according to the cybersecurity centre.
“The publication of these leaks is something that occurs with some regularity”, said the CNCS, explaining that, “whenever it is aware of groups of exposed credentials, it has the procedure to force the renewal of credentials of the targeted users”. In other words, this data, if real, results from the compromise of users' own systems by programs commonly known as computer viruses.
Meanwhile, Expresso reported the discovery, in August, of a list with 15 thousand entries corresponding to supposed access credentials to the Finance Portal, of which around 9 thousand were real. The newspaper cites an official source from the Ministry of Finance, which, like the CNCS, stated that this data “does not result from any illegitimate access to AT systems”.
After the publication of this news, the Ministry of Youth and Modernization reported, in a statement, that “so far there is no evidence of exfiltration” of data in the cyberattack. “The gov.pt portal is expected to be fully recovered by 11:59 pm on 17/10”, says the Ministry.
The resolution of this incident “is progressing at a good pace and so far there is no evidence of exfiltration of personal data, with the re-establishment of services being progressively updated at: https://indisponabilidade.ama.gov.pt“.
The team involved in its resolution “continues to work exhaustively, to guarantee the replacement of all services, with adequate safety conditions”, says the Ministry, highlighting that “AMA is rigorously following all necessary procedures to ensure the restoration of systems safely.”