Brazil's financial system suffers a cyberattack; the Brazilian Central Bank intervenes urgently to investigate

Date: 04/07/2025
On July 2nd local time, at least 6 financial institutions in Brazil were targeted in a cyberattack in which hackers exploited a system vulnerability of a third-party payment service provider to carry out large-scale illegal transfers. The Central Bank of Brazil has not yet disclosed the specific amount involved or the list of affected financial institutions.

An investigation by the Brazilian Central Bank revealed that the entry point for this attack was not the banks' own systems, but rather the authorized payment service provider, C&M Software. Since 2021, this company has been authorized by the Brazilian Central Bank to provide technical integration with the Central Bank's PIX instant payment system for several small and medium-sized banks and financial technology companies. By forging internal access credentials of this payment service provider, the hackers bypassed the banks' risk control systems and issued illegal transfer orders directly to the PIX instant payment system. Some of the illegally transferred funds were quickly distributed to multiple fake accounts, making them difficult to trace.

The Brazilian Federal Police and the São Paulo State Police are currently investigating the incident. The Central Bank of Brazil has urgently suspended the system interface of this service provider and has instructed related institutions to temporarily halt transfers initiated through this service provider, while also requiring financial institutions to thoroughly verify the qualifications of third-party service providers.