The federal government's financial administration system, Siafi, used for payment execution, was targeted in an invasion in April. There are suspicions that the attackers managed to issue bank orders and divert Union funds. The Federal Police are investigating the case and are tracking the suspects with support from the Brazilian Intelligence Agency (Abin).
The National Treasury, the Siafi's managing body, implemented additional security measures to authenticate users authorized to operate the system and authorize payments. In a statement, the agency confirmed the "improper use of credentials obtained irregularly" and said that "attempts to carry out operations on the platform were identified." The Treasury also stated that the actions "did not cause harm to the system's integrity." According to sources assisting in the investigations, the user authentication system through the gov.br portal suffered an attack. With the security flaw, managers authorized to make financial transactions had their accesses used by unauthorized third parties.
Investigations indicate that the invaders managed to access Siafi using the CPF (tax identification number) and password from gov.br of managers and expense orderers to operate the payment platform. The suspicion is that the invaders collected data without authorization through a password phishing system (using malicious links, for example). One hypothesis is that this collection lasted for months until the suspects gathered a considerable volume of passwords to carry out the attack.
According to sources assisting in the investigations, there is suspicion of payments with a replacement of the original recipient of the budget allocation, characterizing diversion. There is no official confirmation on the amounts involved or which agencies were targeted by the action.