Cl (Update): Failure to patch resulted in an embarrassing government leak
Last week, DataBreaches noted that Guacamaya Group hacktivists had leaked emails from El Estado Mayor Conjunto De Chile (EMCO), the advisory body of the Chilean Ministry of Defense, the Joint Chiefs of Staff, and other governments. Now BiobioChile reports the government is considering the creation of a national cybersecurity agency.
The hack and leak of 400,000 emails became even more embarrassing after the Guacamaya Group pointed out that a Chilean cybersecurity company had alerted EMCO to the vulnerability in August 2021… but “EMCO chose to leave it open.” BiobioChile reports (translated): “Antecedents gathered by this media even point to a failed tender of December 2021 to review and repair the mail servers that would later be targeted by cyber-attackers. The public tender never saw the light of day: it had to be revoked just days later due to ‘budgetary’ problems.”
Budgetary problems are real. But not addressing security issues can be even costlier.
Br: Mimoso do Sul reports cyberattack
On Thursday, Mimoso do Sul announced that due to a cyberattack, databases are compromised, causing the paralysis of some services. The municipality announced it was taking the necessary measures to solve these problems as soon as possible. No further details about the attack were provided in the notice, but a spokesperson subsequently informed a media outlet that the prefecture did not suffer any serious losses. A fuller statement will be provided after their assessment is completed.
Py: Avos Locker claims attack of DLS Motors
Avos Locker added DLS Motors Paraguay to its leak site this week, and claims to have 50 GB of information. They provided a few files as proof. DataBreaches contacted DLS Motors via email to request verification or denial of the claimed attack and exfiltration but DLS did not reply. DataBreaches did not find any notices on DLS’s social networks or website.
DataBreaches also reached out to Avos to ask whether DLS had responded to any demands or negotiated at all, but it appears they have not read the inquiry.
Gt: Ministry of Foreign Affairs of Guatemala victim of VSOP attack
Threat actors calling themselves VSOP have added the Ministry of Foreign Affairs of Guatemala to their leak site. Files related to the country’s consulate in New York have been leaked.
In one folder called “Consular Assistance,” DataBreaches saw files from 2016 – 2021. More recent files were found in a folder called “Assistant.” Those files included appointments and passports. In a folder called “Consular Protection,” we saw files such as reports on detainees and deportees in May 2014.
DataBreaches sent an email to the Ministry to ask whether it had been the victim of a breach by VSOP and received a reply saying we would get a response on October 12, 2022.
DataBreaches did find other proof of a breach, however. On September 19, the Ministry tweeted that they were experiencing technical problems that they hoped to resolve soon. On September 28, the government issued a statement in which it referred to “technical problems,” but did not admit to any due to a cyberattack. They claim, in part (machine translation):
The technical failure of the server caused the suspension, for 10 days, of the services provided by Minex. This time was used to maintain the entire system and replace equipment, which was necessary for the reactivation.
The statement tells people about how services are currently being provided and prioritized.
DataBreaches also sent an email to VSOP about the incident. They did not reply.
Ec: LockBit claims attack of Universidad Internacional Del Ecuador
LockBit added the Universidad Internacional Del Ecuador (UIDE) to its leak site on September 21. UIDE has not responded to DataBreaches’ inquiries, and we see no notice of any breach on their site.
LockBit posted a sample of Excel templates and DNI documents. They claim to have 213,605 files and 150 GB of files.
Cl: Malware hits Chilean Judiciary
On September 26th, the Chilean Judiciary’s information technology department issued an alert about a computer virus. Machine translation:
“This computer virus affects only computers with Windows 7 and McAfee antivirus, which are connected within the network of the Judiciary. The universe of computers with this operating system in the Judicial Branch is 3,500 out of a total of 14,990 computers. This problem has not affected the operation of the four chambers of the Supreme Court, which are in normal session.”
The judiciary subsequently filed a criminal complaint. Machine translation:
“We have had the information that this is a massive attack, a criminal complaint has been filed today by the Corporation before the 7th Court of Guarantee of Santiago, regarding whoever is responsible, because there is still no information about what group or persons have had to do with this situation,” said spokeswoman Angela Vivanco.
A press release indicated that this was a massive ransomware campaign, but not necessarily targeting the judicial branch.
Editing by Dissent