DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bits ‘n Pieces (Trozos y Piezas)

Posted on September 30, 2022 by chum1ng0

Cl (Update): Failure to patch resulted in an embarrassing government leak

Last week, DataBreaches noted that Guacamaya Group hacktivists had leaked emails from El Estado Mayor Conjunto De Chile (EMCO), the advisory body of the Chilean Ministry of Defense, the Joint Chiefs of Staff, and other governments. Now BiobioChile reports the government is considering the creation of a national cybersecurity agency.

The hack and leak of 400,000 emails became even more embarrassing after the Guacamaya Group pointed out that a Chilean cybersecurity company had alerted EMCO to the vulnerability in August 2021… but  “EMCO chose to leave it open.”  BiobioChile reports (translated): “Antecedents gathered by this media even point to a failed tender of December 2021 to review and repair the mail servers that would later be targeted by cyber-attackers. The public tender never saw the light of day: it had to be revoked just days later due to “budgetary” problems.”

Budgetary problems are real. But the costs of not addressing security issues can be even costlier.

Br: Mimoso do Sul reports cyberattack

On Thursday, Mimoso do Sul  announced that due a cyberattack, databases are compromised causing the paralysis of some services. The municipality announced it was taking the necessary measures to solve these problems as soon as possible, but no further details about the attack were provided in the notice, but a spokesperson subsequently informed a media outlet that the prefecture did not suffer any serious losses. A fuller statement will be provided after their assessment is completed.

Py:  Avos Locker claims attack of DLS Motors

Avos Locker added DLS Motors Paraguay to its leak site this week, and claims to have 50 GB of information. They provided a few files as proof. DataBreaches contacted DLS Motors via email to request verification or denial of the claimed attack and exfiltration but DLS did not reply.  DataBreaches did not find any notices on DLS’s social networks or website.

DataBreaches also reached out to Avos to ask whether DLS had responded to any demands or negotiated at all, but it appears they have not read the inquiry.

Gt: Ministry of Foreign Affairs of Guatemala victim of VSOP attack

Threat actors calling themselves VSOP have added the Ministry of Foreign Affairs of Guatemala to their leak site. Files related to the country’s consulate in New York have been leaked.

In one folder called “Consular Assistance,” DataBreaches saw files from 2016 – 2021. More recent files were found in a folder called “Assistant.”  Those files included appointments and passports. In a folder called “Consular Protection,” we saw files such as reports on detainees and deportees in May 2014.

DataBreaches sent an email inquiry to the Ministry to inquire if they had been the victims of a breach by VSOP and received a reply saying we will get a response on October 12, 2022.

DataBreaches did find other proof of a breach, however. On September 19, the Ministry tweeted that they were experiencing technical problems that they hoped to resolve soon. On September 28, the government issued a statement where it referred to “technical problems,” but did admit to any due to a  cyberattack. They claim, in part (machine translation:)

The technical failure of the server caused the suspension, for 10 days, of the services provided by Minex. This time was used to maintain the entire system and replace equipment, which was necessary for the reactivation.

The statement tells people about how services are currently being provided and prioritized.

DataBreaches also sent an email to VSOP about the incident. They did not reply.

EC: LockBit claims attack of Universidad Internacional Del Ecuador

Lockbit added the Universidad Internacional Del Ecuador (UIDE) to its leaks site on September 21. UIDE has not responded to DataBreaches’ inquiries, and we see no notice of any breach on their site.

Lockbit posted a sample of excel templates and DNI documents. They claim to have 213,605 files and 150GB of files.

Cl:  Malware hits Chilean Judiciary

On September 26th, the Chilean Judiciary’s information technology department issued an alert about a computer virus.  Machine translation:

“This computer virus affects only computers with Windows 7 and McAfee antivirus, which are connected within the network of the Judiciary. The universe of computers with this operating system in the Judicial Branch is 3,500 out of a total of 14,990 computers.  This problem has not affected the operation of the four chambers of the Supreme Court, which are in normal session. “

The judiciary subsequently filed a criminal complaint. Machine translation:

“We have had the information that this is a massive attack, a criminal complaint has been filed today by the Corporation before the 7th Court of Guarantee of Santiago, regarding whoever is responsible, because there is still no information about what group or persons have had to do with this situation,” said spokeswoman Angela Vivanco.

A press release indicated the this was a massive ransomware campaign, but not necessarily targeting the judicial branch.


Editing by Dissent

 

 

Category: Breach IncidentsBusiness SectorEducation SectorGovernment SectorHackMalwareNon-U.S.

Post navigation

← The Coeur Group notifies patients of data breach
Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.