DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bits ‘n Pieces (Trozos y Piezas)

Posted on September 30, 2022 by chum1ng0

Cl (Update): Failure to patch resulted in an embarrassing government leak

Last week, DataBreaches noted that Guacamaya Group hacktivists had leaked emails from El Estado Mayor Conjunto De Chile (EMCO), the advisory body of the Chilean Ministry of Defense, the Joint Chiefs of Staff, and other governments. Now BiobioChile reports the government is considering the creation of a national cybersecurity agency.

The hack and leak of 400,000 emails became even more embarrassing after the Guacamaya Group pointed out that a Chilean cybersecurity company had alerted EMCO to the vulnerability in August 2021… but  “EMCO chose to leave it open.”  BiobioChile reports (translated): “Antecedents gathered by this media even point to a failed tender of December 2021 to review and repair the mail servers that would later be targeted by cyber-attackers. The public tender never saw the light of day: it had to be revoked just days later due to “budgetary” problems.”

Budgetary problems are real. But the costs of not addressing security issues can be even costlier.

Br: Mimoso do Sul reports cyberattack

On Thursday, Mimoso do Sul  announced that due a cyberattack, databases are compromised causing the paralysis of some services. The municipality announced it was taking the necessary measures to solve these problems as soon as possible, but no further details about the attack were provided in the notice, but a spokesperson subsequently informed a media outlet that the prefecture did not suffer any serious losses. A fuller statement will be provided after their assessment is completed.

Py:  Avos Locker claims attack of DLS Motors

Avos Locker added DLS Motors Paraguay to its leak site this week, and claims to have 50 GB of information. They provided a few files as proof. DataBreaches contacted DLS Motors via email to request verification or denial of the claimed attack and exfiltration but DLS did not reply.  DataBreaches did not find any notices on DLS’s social networks or website.

DataBreaches also reached out to Avos to ask whether DLS had responded to any demands or negotiated at all, but it appears they have not read the inquiry.

Gt: Ministry of Foreign Affairs of Guatemala victim of VSOP attack

Threat actors calling themselves VSOP have added the Ministry of Foreign Affairs of Guatemala to their leak site. Files related to the country’s consulate in New York have been leaked.

In one folder called “Consular Assistance,” DataBreaches saw files from 2016 – 2021. More recent files were found in a folder called “Assistant.”  Those files included appointments and passports. In a folder called “Consular Protection,” we saw files such as reports on detainees and deportees in May 2014.

DataBreaches sent an email inquiry to the Ministry to inquire if they had been the victims of a breach by VSOP and received a reply saying we will get a response on October 12, 2022.

DataBreaches did find other proof of a breach, however. On September 19, the Ministry tweeted that they were experiencing technical problems that they hoped to resolve soon. On September 28, the government issued a statement where it referred to “technical problems,” but did admit to any due to a  cyberattack. They claim, in part (machine translation:)

The technical failure of the server caused the suspension, for 10 days, of the services provided by Minex. This time was used to maintain the entire system and replace equipment, which was necessary for the reactivation.

The statement tells people about how services are currently being provided and prioritized.

DataBreaches also sent an email to VSOP about the incident. They did not reply.

EC: LockBit claims attack of Universidad Internacional Del Ecuador

Lockbit added the Universidad Internacional Del Ecuador (UIDE) to its leaks site on September 21. UIDE has not responded to DataBreaches’ inquiries, and we see no notice of any breach on their site.

Lockbit posted a sample of excel templates and DNI documents. They claim to have 213,605 files and 150GB of files.

Cl:  Malware hits Chilean Judiciary

On September 26th, the Chilean Judiciary’s information technology department issued an alert about a computer virus.  Machine translation:

“This computer virus affects only computers with Windows 7 and McAfee antivirus, which are connected within the network of the Judiciary. The universe of computers with this operating system in the Judicial Branch is 3,500 out of a total of 14,990 computers.  This problem has not affected the operation of the four chambers of the Supreme Court, which are in normal session. “

The judiciary subsequently filed a criminal complaint. Machine translation:

“We have had the information that this is a massive attack, a criminal complaint has been filed today by the Corporation before the 7th Court of Guarantee of Santiago, regarding whoever is responsible, because there is still no information about what group or persons have had to do with this situation,” said spokeswoman Angela Vivanco.

A press release indicated the this was a massive ransomware campaign, but not necessarily targeting the judicial branch.


Editing by Dissent

 

 

Related posts:

  • Operation Chile, why, when and what its about
  • Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
Category: Breach IncidentsBusiness SectorEducation SectorGovernment SectorHackMalwareNon-U.S.

Post navigation

← The Coeur Group notifies patients of data breach
Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.