One of Portugal’s leading media conglomerates said Thursday that a group calling itself “Lapsus$” hacked the company’s online services, taking down some of its most popular websites and contacting subscribers.
Grupo Impresa said the attack was aimed at disrupting the company’s services and sending fake news messages to subscribers, including one that said, “Breaking: President removed and accused of murder: Lapsus$ is Portugal’s new president.”
The company said in a statement that the hackers didn’t demand any payment.
The hackers gained access to the company’s Amazon Web Services account and sent emails and text messages to subscribers, the statement said.
The hackers accessed some subscriber information, but Impresa said it had no evidence they got hold of subscribers’ passwords or credit card details.
The attack occurred early on Jan. 2, the statement said. The company regained control of its cloud services later that day, though on Thursday two of its main websites — belonging to top weekly newspaper Expresso and TV channels run by its broadcaster S.I.C. — were still using temporary sites.
The incident is being investigated by Portuguese police and the country’s National Cybersecurity Center.

More from Associated Press
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- China Says It’s Looking Into Report of Spy Balloon Over US
- Russian Millionaire on Trial in Hack, Insider Trade Scheme
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
Latest News
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
