Brazil to Moscow: From Rs. 1146 Crores Cyber-Heist to Backdoor Operations, Cyber Threats Shake the World

The420.in Staff

Cybersecurity teams across the globe are tracking a string of high-impact incidents this week, ranging from a foiled $130 million (Rs. 1146 Crores) bank heist in Brazil to a stealth backdoor deployed by Russian intelligence operatives. The developments underscore the shifting threat landscape, where state-sponsored espionage campaigns and opportunistic cybercriminals continue to collide with financial networks and corporate infrastructure.

Foiled Heist Exposes Fragility of Real-Time Payments

Brazil’s Pix instant payments system narrowly avoided a massive breach after attackers compromised vendor credentials linked to Sinqia S.A., the local fintech subsidiary of Evertec. The attackers attempted unauthorised transfers totalling $130 million before investigators halted the activity on August 29.

Regulators quickly revoked Sinqia’s access to Pix while forensic teams traced partial fund recoveries. Early reports suggest no customer data was stolen, but the incident highlights the systemic risk embedded in real-time payment networks. Industry analysts say the attempted breach reflects attackers’ growing interest in exploiting vendor supply chains to strike at core financial infrastructure.

New Espionage Tools and Expanding Supply-Chain Fallout

Meanwhile, researchers disclosed that Russia’s APT28 hacking group has begun using a tool dubbed “NotDoor,” a stealthy backdoor hidden within Microsoft Outlook environments. Unlike persistent malware, NotDoor remains dormant until activated by a carefully crafted email containing trigger words, making it difficult to detect in normal network traffic. Analysts believe the tool marks a new phase in Russia’s long-running espionage campaigns targeting Western governments and corporations.

The same week, the fallout from the Salesloft-Drift breach continues to widen. Cloudflare confirmed attackers extracted more than 100 API tokens via Salesforce support cases, while Palo Alto Networks and Zscaler admitted to being impacted. Investigators warn that additional disclosures are likely as the scope of the supply-chain compromise becomes clearer.

Elsewhere, U.S. officials announced multimillion-dollar bounties for three Russian operatives tied to energy sector intrusions, Iranian groups escalated phishing campaigns against diplomats worldwide, and Google patched 120 Android flaws, including two exploited zero-days. Together, the incidents reflect a cybersecurity environment where both nation-state actors and cybercriminal syndicates continue to test the resilience of global systems.