← All stories
● Covered by 1 source · 1 reportHigh impact

Over 20 Brazilian Government Websites Hijacked for Malware Delivery

Aggregated by BrevFeed security · updated 1h ago
🔖 Save

More than 20 Brazilian government websites were hijacked as part of an active PhantomEnigma campaign, presenting significant risks to banks and public agencies. The attacks utilized spoofed emails and compromised government domains, allowing malware to be delivered under the guise of trusted infrastructure.

Key points

Hijacking of Government Websites

ANY.RUN uncovered that over 20 Brazilian government websites were hijacked and turned into channels for malware delivery in an active campaign linked to PhantomEnigma. This alarming discovery highlights the increasing risks posed to sensitive entities such as banks and public agencies.

Tactics of the Attack

The attackers utilized fake police-themed documents, including 'Ofício Polícia Civil' notices and 'Procuração Digital' notices, to deceive victims. Some of these documents contained QR codes while others included links that mimicked legitimate government resources.

Email Spoofing Techniques

Emails were sent from compromised mailboxes and successfully passed SPF, DKIM, and DMARC checks. This allowed them to appear more legitimate than typical phishing emails, increasing the chances of victim engagement.

Use of Compromised Government Infrastructure

Compromised systems included several government portals such as timon.ma.gov.br and loginam.sesp.es.gov.br. These sites facilitated the delivery of malware rather than being the final targets of the attacks, leveraging their trusted status for undetected access.

Evolution of PhantomEnigma Operations

The PhantomEnigma campaign exhibited an evolution in its approach, transitioning from banking-focused activities to exploitation of established government infrastructure. This evolution presents a better delivery mechanism without the need for identifying new target groups.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources. How BrevFeed works →

Reporting from

More than 20 Brazilian government websites were hijacked as part of an active PhantomEnigma campaign, presenting significant risks to banks and public agencies. The attacks utilized spoofed emails and compromised government domains, allowing malware to be delivered under the guise of trusted infrastructure.