Brazil’s cybercrime ecosystem is thriving, with hackers and fraudsters targeting both public and private organizations at an unprecedented rate. Stolen data, compromised accounts, and access to critical government systems are then monetized on dark web and deep web forums and chat platforms (e.g., Telegram).
Our investigation has uncovered a Brazilian cyber actor actively selling access to sensitive databases and government systems. The actor operates under the username “Midia_22” (ID: 6356697838) on Telegram.
Government Systems for Sale on BreachForums
This threat actor has been found offering unauthorized access to critical Brazilian systems, including:
- Brazilian Army System – posted on September 4, 2024
- Secretaria de Defesa Social Database – posted on August 29, 2024
- Multiple Internal Government Systems – posted on August 10, 2024
- BRAZIL PANEL RETURNING FULL INFO – posted on August 9, 2024
- Brazilian Police System – posted on July 27, 2024
Digital Footprint of Midia_22
The user “Midia_22” (ID: 6356697838) has been posting across at least 33 Telegram chats, specializing in the sale of hacked data and financial fraud techniques. Analysis of his profile, messages and shared content indicates:
- A previous association with the phone number +5511914272032, a São Paulo-based landline.
- Several photos flaunting cash and drugs (weed).
- Involvement in credit card fraud and payment processing exploits, including bypassing fraud detection on Stripe, Braintree, and Cielo.
- Transactions for Windows VPS services (R$25) via @gangdodestroyer Telegram chat.
- Exposure of Brazilian citizens’ personal data.
- A potential location in Porto Alegre, Rio Grande do Sul.
Cybercrime Networks on Telegram
The user Midia_22 has been identified as a participant in multiple Telegram groups dedicated to cybercrime, including:
- Cybertools – Central de Checkers 🇧🇷 (ID: 1768892332)
- 𝐀𝐒𝐒𝐎𝐂𝐈𝐀𝐓𝐎𝐍𝐒 𝐁𝐈𝐍𝐍𝐄𝐑𝐒 「𝐆𝐑𝐎𝐔𝐏」 (ID: 1727369020)
- 𝙞𝙢𝙥𝙚𝙧𝙞𝙤𝙈𝙖𝙧𝙠𝙚𝙩 (ID: 2293532862)
- T00lsPubl1c [ CHANNEL ] (ID: 2220717956)
These groups act as marketplaces for stolen data, hacking tools, and digital fraud schemes. Members frequently exchange tips on bypassing security measures, selling leaked credentials, and coordinating cyber-attacks.
The Bigger Picture
Brazil’s cybercrime ecosystem is no longer confined to local actors exploiting domestic systems. The sale of stolen data on BreachForums highlights how Brazilian hackers are actively integrating into the global black market for cybercrime. As law enforcement agencies work to track and dismantle these networks, the rapid expansion of cybercriminal marketplaces continues to pose a major threat to governments and businesses worldwide.
For more information on the online footprint of this threat actor, please see the table in the appendix.
Appendix
| Platform | Username / ID / Phone | Notes |
| --- | --- | --- |
| Telegram | Midia_22 / 6356697838 | Registered: 25 March, 2022; Previous Phone Number: +5511914272032 |
| Signal | Midia.01 | |
| Breachforums.st | Midia22 / 253044 | Registered: 20 July, 2024; Gender: Male; Bio: “Also know by Pingu ?”; Status: Offline (Last Visit: 12-04-2024, 10:44 PM) |
| Github.com | Midia22 / 171884529 | Registered: 6 June, 2024 |
| Discord.com | midia_22 / 1250019708938489878 | Registered: 11 June, 2024 |
| WhatsApp.com | +5511914272032 | Registered: 9 December, 2024; Registered on Facebook and Instagram |