{
	"id": "3a84e53a-c580-48be-bf59-7cfc9ad5f99f",
	"created_at": "2026-04-06T00:17:51.629254Z",
	"updated_at": "2026-04-10T03:28:46.856461Z",
	"deleted_at": null,
	"sha1_hash": "f7ccf79dd0882ca85fe9b89195c2cf01a0c2942e",
	"title": "Hackers bring down new media sites: PJ cybercrime unit investigating – Portugal Resident",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 295044,
	"plain_text": "Hackers bring down new media sites: PJ cybercrime unit\r\ninvestigating – Portugal Resident\r\nBy Natasha Donn\r\nPublished: 2022-02-06 · Archived: 2026-04-05 12:52:43 UTC\r\nA new IT hack on media organisations appears to have taken place in the early hours of this morning.\r\nIn the wake of the attack last month on the Impresa group (click here), the latest victims – Correio da Manhã (the\r\ncountry’s most widely-read tabloid), Sábado, Jornal de Negócios and CMTV – belong to the Cofina media group.\r\nThe PJ’s UNC3T cybercrime combat unit is investigating – and refusing to credit hackers Lapsus$ with the attack,\r\nin spite of the hackers’ purported Telegram platform featuring Correio da Manhã’s statement on the situation in the\r\nearly hours of today.\r\nFor now, a source for the PJ, has simply reiterated what is slowly becoming obvious: “cybercrime is increasing\r\nexponentially”.\r\nAdvice to companies is to ‘adopt measures of IT security, including computer redundancy measures and internal\r\nuse of credentials and passwords to prevent this and other kinds of attack”.\r\nThe attack on the Impresa group was seen as an assault on ‘press freedom’, and rendered the sites of SIC\r\ntelevision news and Expresso inoperable for a period of days. In fact, SIC’s site has not yet returned in its original\r\nform, appearing to have had to re-construct from scratch.\r\nLast weekend, the Lapsus$ group appeared also to be claiming an attack on the parliamentary site,  but this was\r\nnot verified (click here).\r\nThe curious aspect of Lapsus$ group ‘attacks’ is that, up until now, there not not appear to have been any demands\r\nfor ‘ransom’ (for restitution of hacked information). It seems the group simply launches its attacks, claims credit\r\nfor them, and then goes to ground.\r\nIt’s not even clear where Lapsus$ is based.\r\nnatasha.donn@algarveresident.com\r\nhttps://www.portugalresident.com/hackers-bring-down-new-media-sites-pj-cybercrime-unit-investigating/\r\nPage 1 of 2\n\nJournalist for the Portugal Resident.\r\nSource: https://www.portugalresident.com/hackers-bring-down-new-media-sites-pj-cybercrime-unit-investigating/\r\nhttps://www.portugalresident.com/hackers-bring-down-new-media-sites-pj-cybercrime-unit-investigating/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.portugalresident.com/hackers-bring-down-new-media-sites-pj-cybercrime-unit-investigating/"
	],
	"report_names": [
		"hackers-bring-down-new-media-sites-pj-cybercrime-unit-investigating"
	],
	"threat_actors": [
		{
			"id": "be5097b2-a70f-490f-8c06-250773692fae",
			"created_at": "2022-10-27T08:27:13.22631Z",
			"updated_at": "2026-04-10T02:00:05.311385Z",
			"deleted_at": null,
			"main_name": "LAPSUS$",
			"aliases": [
				"LAPSUS$",
				"DEV-0537",
				"Strawberry Tempest"
			],
			"source_name": "MITRE:LAPSUS$",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d4b9608d-af69-43bc-a08a-38167ac6306a",
			"created_at": "2023-01-06T13:46:39.335061Z",
			"updated_at": "2026-04-10T02:00:03.291149Z",
			"deleted_at": null,
			"main_name": "LAPSUS",
			"aliases": [
				"Lapsus",
				"LAPSUS$",
				"DEV-0537",
				"SLIPPY SPIDER",
				"Strawberry Tempest",
				"UNC3661"
			],
			"source_name": "MISPGALAXY:LAPSUS",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2347282d-6b88-4fbe-b816-16b156c285ac",
			"created_at": "2024-06-19T02:03:08.099397Z",
			"updated_at": "2026-04-10T02:00:03.663831Z",
			"deleted_at": null,
			"main_name": "GOLD RAINFOREST",
			"aliases": [
				"Lapsus$",
				"Slippy Spider ",
				"Strawberry Tempest "
			],
			"source_name": "Secureworks:GOLD RAINFOREST",
			"tools": [
				"Mimikatz"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b",
			"created_at": "2022-10-25T16:07:24.503878Z",
			"updated_at": "2026-04-10T02:00:05.014316Z",
			"deleted_at": null,
			"main_name": "Lapsus$",
			"aliases": [
				"DEV-0537",
				"G1004",
				"Slippy Spider",
				"Strawberry Tempest"
			],
			"source_name": "ETDA:Lapsus$",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434671,
	"ts_updated_at": 1775791726,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f7ccf79dd0882ca85fe9b89195c2cf01a0c2942e.pdf",
		"text": "https://archive.orkl.eu/f7ccf79dd0882ca85fe9b89195c2cf01a0c2942e.txt",
		"img": "https://archive.orkl.eu/f7ccf79dd0882ca85fe9b89195c2cf01a0c2942e.jpg"
	}
}