Overview
This episode of Shorumi Talks brings together security experts to discuss the recent cyberattack involving a Brazilian banking software provider. The discussion covers the timeline of the incident, technical attack details, related vulnerabilities, industry practices, and advice for entering the information security field.
Introduction and Project Context
- Shorumi Talks is an informal tech discussion series with no fixed schedule, generally airing on Fridays.
- The episode features guests: Alc Jones (True Hacking), Júlio de Flora (Hardware Hacking), and Penegui, all with significant experience in offensive and hardware security.
- Main topic: Analysis of an alleged cyberattack targeting the Central Bank via a third-party software provider (CM Software).
Timeline and Description of the Banking Attack
- The attack was first noticed on June 30, 2025, with atypical cryptocurrency purchase activity.
- A significant transaction (R$18 million) alerted another bank, leading to further internal notifications.
- The attackers abused the Central Bank’s Brazilian Payments System (SPB); the Central Bank’s own systems were not directly breached.
- CM Software, which supplies a white-label banking platform and connectivity to that payment system, was disconnected from it as a preventive measure after the incident.
- Public statements were issued with little technical detail; incident details emerged slowly.
Technical Analysis and Theories
- The attack involved stolen administrator credentials, reportedly sold by an insider for around R$15,000.
- Industry context: credentials of this kind usually command far higher prices in the underground market, which makes such a cheap sale unusual.
- Two main exploitation theories:
  - The sold admin credentials were used directly to operate the platform.
  - The credentials gave an initial foothold, and the attackers escalated further by exploiting an Apache ActiveMQ remote code execution vulnerability (a 2023 CVE).
- Attackers used the compromised system to initiate massive financial transfers to many accounts, largely money-mule (“laranja”) accounts: accounts opened in someone else’s name or abandoned ones.
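The pattern the panel describes (an admin session at an odd hour, then a burst of large transfers to beneficiaries that had never been paid before) is exactly what basic transaction monitoring exists to catch, and its apparent absence is the gap discussed later in the episode. The script below is an added illustration, not code from the episode or from any bank or vendor mentioned; the log lines, account names, IP addresses, thresholds and business-hours policy are all constructed and hypothetical.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: not real C&M/SPB records. Space-separated fields:
# timestamp  event  actor  source_ip  beneficiary  amount_brl
# ("-" and 0 are placeholders on LOGIN lines.)
SAMPLE_LOG = [
    "2025-06-30T14:03:10 LOGIN admin01 10.20.0.5 - 0",
    "2025-06-30T14:05:42 TRANSFER admin01 10.20.0.5 ACC-1001 1200.00",
    "2025-06-30T15:10:00 LOGIN ops02 10.20.0.7 - 0",
    "2025-06-30T15:12:31 TRANSFER ops02 10.20.0.7 ACC-1002 5400.00",
    "2025-07-01T00:41:05 LOGIN admin01 203.0.113.9 - 0",
    "2025-07-01T00:42:10 TRANSFER admin01 203.0.113.9 ACC-9001 18000000.00",
    "2025-07-01T00:42:55 TRANSFER admin01 203.0.113.9 ACC-9002 2500000.00",
    "2025-07-01T00:43:30 TRANSFER admin01 203.0.113.9 ACC-9003 3100000.00",
    "2025-07-01T00:44:02 TRANSFER admin01 203.0.113.9 ACC-9004 900000.00",
]

BUSINESS_HOURS = range(8, 19)     # 08:00-18:59 local; hypothetical policy
LARGE_AMOUNT_BRL = 1_000_000.0    # hypothetical single-transfer threshold
BURST_WINDOW = timedelta(minutes=5)
BURST_NEW_PAYEES = 3              # distinct never-seen payees inside the window


def parse_line(line):
    ts, event, actor, ip, beneficiary, amount = line.split()
    return {"ts": datetime.fromisoformat(ts), "event": event, "actor": actor,
            "ip": ip, "beneficiary": beneficiary, "amount": float(amount)}


def analyze(lines):
    """Replay events in order; return a list of (timestamp, rule, detail)."""
    alerts = []
    seen_ips = defaultdict(set)   # actor -> source IPs already seen for that actor
    seen_payees = set()           # beneficiaries that have received money before
    recent = defaultdict(list)    # actor -> [(ts, new_payee_or_None)] inside the window
    for ev in map(parse_line, lines):
        actor, ts = ev["actor"], ev["ts"]
        if ev["event"] == "LOGIN":
            # Admin session outside business hours from an address this actor never used.
            if ts.hour not in BUSINESS_HOURS and ev["ip"] not in seen_ips[actor]:
                alerts.append((ts, "OFF_HOURS_NEW_SOURCE", f"{actor} from {ev['ip']}"))
            seen_ips[actor].add(ev["ip"])
        elif ev["event"] == "TRANSFER":
            payee, amount = ev["beneficiary"], ev["amount"]
            # Single outsized transfer (the kind of event another bank noticed).
            if amount >= LARGE_AMOUNT_BRL:
                alerts.append((ts, "LARGE_TRANSFER", f"{actor} -> {payee} R${amount:,.2f}"))
            # Burst of payouts to beneficiaries never paid before (mule-account pattern).
            is_new = payee not in seen_payees
            seen_payees.add(payee)
            window = [(t, p) for t, p in recent[actor] if ts - t <= BURST_WINDOW]
            window.append((ts, payee if is_new else None))
            recent[actor] = window
            new_payees = {p for _, p in window if p}
            if len(new_payees) >= BURST_NEW_PAYEES:
                alerts.append((ts, "PAYOUT_BURST_NEW_PAYEES", f"{actor}: {sorted(new_payees)}"))
    return alerts


def alert_counts(lines):
    """Number of alerts per rule, for a quick summary."""
    return dict(Counter(rule for _, rule, _ in analyze(lines)))


if __name__ == "__main__":
    for ts, rule, detail in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()}  {rule:<24} {detail}")
```

On the constructed log the daytime activity produces nothing, while the night-time session trips the new-source rule, the three multi-million transfers trip the amount rule, and the third and fourth payouts trip the burst rule. None of these checks is sophisticated: real deployments would derive the thresholds from each institution’s own baseline and feed the alerts into a hold-and-review step rather than a print statement. The point is that a few minutes of replay against an access log would have surfaced the session long before the money reached the mule accounts.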
Broader Implications and Event Discussion
- The panel highlighted both the weakness the incident exposed and the lack of adequate monitoring in critical financial infrastructure.
- Events such as H2HC and DEFCON were discussed as essential for community knowledge sharing.
- Social engineering, insider threats, and hardware implants (e.g., rogue devices in bank branches) remain critical security concerns.
Insights on Security Community and Career Advice
- The panel shared that real security expertise comes from technical research, community contribution, and event participation—not from fast-track online “hacker” courses.
- Building credibility in security involves contributing research, talks, and supporting technical communities.
- Beginners are advised to join recognized communities, attend reputable events, and avoid flashy marketing schemes.
Recommendations / Advice
- Only trust well-established communities and verified professionals when seeking security training.
- Participate in events and consume technical content to gain recognition and practical knowledge.
- Avoid falling for courses promising quick results or guaranteed high salaries.
Closing Remarks and Resources
- Panelists shared their channels and platforms: True Hacking, Hardware Hacking, and Penegui’s content on Instagram and YouTube.
- Discussion ended with invitations for continued engagement in future episodes and coverage of security events.