Cl: Guacamaya Group leaks emails from Joint Chiefs of Staff
El Estado Mayor Conjunto De Chile (EMCO), the advisory body of the Chilean Ministry of Defense, was the victim of a data leak. Thousands of emails were leaked online by the hacktivist group, Guacamaya in “Operation Repressive Forces. About 10TB of emails from military and police organizations from several countries were leaked, including the Secretariat of National Defense of Mexico, the National Civil Police of El Salvador, the General Command of the Armed Forces of Colombia, the Armed Forces of El Salvador, the Joint Command of the Armed Forces of Peru, and the Army of Peru.
The government issued a public statement on September 21 (translation):
In view of the known facts related to the security breach of the Joint Chiefs of Staff e-mails, the President of the Republic has instructed the Minister of National Defense to return to the country to lead the response to these facts.
The Government has ordered an administrative inquiry to determine the corresponding responsibilities. Additionally, the background information has been made available to the military justice system to initiate a criminal investigation.
Ar: Everest Group sells access to Argentina’s Ministry of Economy
On September 20, a sales listing by “Everest” appeared in a popular hacking-related forum for network access to the Ministry of Economy of Argentina. The listing also claimed that the sale included access to various financial instruments and software of the ministry. It did not mention using any guarantor or middleman and gave a Tox ID for contacts/chat. Using a guarantor or middleman generally inspires more confidence in would-be buyers that a listing is not a scam, especially when the seller is either new or does not have a well-established reputation on the forum.
When contacted on Tox, Everest did not respond, but on September 21, the listing appeared on the Everest ransomware group site. When contacted via email, Everest informed DataBreaches that the sale price was $35,000.
Clarin reports the ministry denounced the possible hacking and has opened a criminal investigation into Everest. At the same time, they investigate to determine if there has been any unauthorized access to their databases or theft of any information:
“Although our technical areas have not yet been able to detect illegitimate access to our databases or the theft of passwords or information, the truth is that the public offer made makes it essential not only to carry out an exhaustive internal investigation in progress, but also the promotion of the pertinent judicial investigation for the possible existence of crimes of public action that could directly affect the interests of the National State”, says the complaint signed by Ricardo Casal.
Es: Sparta Blog attack on Sercom Informatica SL potentially affected Puigcerda Hospital
Sparta Blog recently listed Sercom Informatica SL on their leak site. They also provided samples of files exfiltrated from Sercom customers, including the Hospital Puigcerda.
Although the sample was small, it revealed IP addresses, passwords in plain text, domains, subdomains, and staff emails (IT).
DataBreaches sent email inquiries to the hospital to ask if they were aware of any cyberattack on their IT provider and if their data had been acquired. No reply was received.
DataBreaches also attempted to get more information from Sparta Blog, but they did not reply.
Additional reporting and editing by Dissent.