Sebastian
4K posts
@SebaG20xx
'El Guevara' 23 | Estudiante Sansano de Informática | Python | Ciberseguridad | DestroyPhis | @EstadoDescarga
Jaime Solari, asesor de la histórica búsqueda del tesoro de Juan Fernández, aseguró en Mucho Gusto que ya tienen delimitado el lugar donde estaría escondida la fortuna estimada en hasta US$40 mil millones. Revisa cómo planean encontrarla.
🚨 CYBER THREAT ALERT: "RUTIFY" EXPOSURE CAMPAIGN TARGETING INSTITUTIONS IN CHILE 🇨🇱⚔️ A coordinated offensive has been detected, orchestrated by the threat actor "Rutify," who has released a video demonstrating multiple security breaches and infrastructure compromises across various public and private entities in Chile. The actor employs a "technical protest" narrative to highlight the vulnerability of the country's systems. Rutify operates not merely as a hacktivist group, but as a Data-as-a-Service (DaaS) provider leveraging information exfiltrated from the Chilean State. Background: The Master Breach (SERVEL): The actor confirmed that, in February 2026, they gained access to an internal database belonging to the Electoral Service (SERVEL), successfully exfiltrating records for 17 million voters. Data Enrichment: Their activities are not limited to basic data; they have integrated information from: Healthcare Systems: Access to the national hospital network and Ministry of Health (Minsal) systems, yielding medical records and personal data. Public Institutions: Employment data from the SAG (Agricultural and Livestock Service) and the Municipality of Las Condes. Financial/Pension Sector: Previously included data from AFC, AFP, and Isapres (private health insurers), although they claim to have recently removed this information in an attempt to evade Law 21.719. University Databases: Academic and contact information for students. 📑 IDENTIFIED VICTIMS (VIDEO ANALYSIS) Based on the visual evidence provided, the following entities have suffered data exfiltration or compromise of their web portals: Electoral Service of Chile (SERVEL): Exposure of electoral domicile change request receipts, including PII (Name, RUN, Email, Phone Number). Municipality of Las Condes: Compromise of internal management systems and personnel rosters. Superintendence of Health: Access to beneficiary databases, administrative requests, and accreditation reports (IBM Notes/Domino). Chilean Customs: Compromise of the transport document portal (Maritime, Land, Air). Institute of Social Security (IPS): Defacement/Hijacking of sections of the procedures and benefits portal. University of Concepción (UdeC): Takeover (Seizure) of the institution's Union No. 3 website. 🔥 ACTOR'S STRATEGY AND MESSAGE Modus Operandi: The actor combines website defacement (taking control of sites) with the publication of plaintext data dumps via online services. Distribution: The video and links to the leaked data are being promoted through their Telegram channel. 🛠️ TECHNICAL INFRASTRUCTURE AND MONETIZATION The group operates in a professionalized manner through the use of APIs: Business Model: They offer an API that allows for automated queries based on an individual's RUN (National ID number) or name. Data Structure (JSON): Their API delivers complete profiles that include: RUN, name, gender, exact address (street, number, commune, region), email, date of birth, and nationality. RECOMMENDATIONS FOR THE STATE OF CHILE Health API Audit: It is critical to investigate how the group maintains persistent access to national hospital systems in order to perform real-time searches. Identity Protection: Given that 100% of the voter base (17 million individuals) is now in the hands of this actor, institutions must assume that the RUN and address of any Chilean citizen are, *de facto*, public data. Traffic Monitoring: Block requests originating from or directed toward api.rutificador(.)live. IOCs: 173.234.15(.)187 52.14.32(.)237 Monitor: analyzer.vecert.io #Cybersecurity #HackeoChile #DataBreach #Rutify #InfoSec #Hacking #VECERT
