Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

By Aleksandar Milenkoski and Tom Hegel

Executive Summary

• Over the first quarter of 2023, SentinelLabs observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group.


• The campaign is the latest iteration of a broader activity nexus dating back to 2021, now targeting the users of over 30 financial institutions.


• The attackers can steal credentials and exfiltrate users’ data and personal information, which can be leveraged for malicious activities beyond financial gain.


• The threat group simultaneously …

back campaign credentials dating executive financial financial institutions first quarter institutions latest malware analysis nexus pii sentinellabs targeting threat threat group tom hegel