Httpx.async

@janethinostroza @visionariasec Digan que se intentó defender y lo revientan a balas

URGENTE 🚨 Esta madrugada cayó alias el “Gordo Paúl”, peso pesado de Los Lobos en Quito. Un equipo de VISIONARIAS estuvo en el operativo comandado por el Ministro del Interior Jhon Reinberg. Los detalles en Check List ✅ de @Visionariasec a las 8:30 y más detalles en Vis a Vis con Janet HInostroza a las 9:00am. Conéctate a Visionariasec en YouTube o a mi X en vivo. @MinInteriorEc @PoliciaEcuador #CayóGordoPaúl

cybersecurity

@Justiciero17530 Que perro 4sco hpta

la narco cultura está matando a la juventud de nuestro país💔

La venezolanización de esta patria, cada día más real. RIP Ecuador.

@eluniversocom Los chinos si que saben evadir impuestos…

Las nuevas unidades permitirán mejorar la movilidad militar y aumentar la presencia en sectores conflictivos, especialmente en Guayaquil y otros cantones ow.ly/GOpN50YYmjG

@BFrog__ Israel

genio: tienes 3 des- peru:

Inject me with hantavirus and launch me at Tel Aviv, I'm ready

@DarkWebInformer Hitlern

Hello world

@Justiciero17530 Puro cholito ignorante

estos son los barrios del ecuador dominados por el crimen organizado, ellos imponen sus leyes y crean miedo en los sectores del país con su narco cultura, ya es momento que se dediquen a trabajar por la seguridad del país.

@xPodrii :v

:v

📄 INTELLIGENCE REPORT: DIGERCIC, Access Vectors, and the Evolution to "GordonFreeman" The recent announcement regarding the leak of 14.8 million records and 10.6 million images—attributed to Ecuador's Civil Registry (DIGERCIC) by the threat actor "GordonFreeman"—is, in reality, a repackaging of data. Technical analysis confirms that this information was exfiltrated from the Ministry of Public Health (MSP) systems in 2025, during the period when the actor was operating under the alias "Gatito_FBI." 1. Database Discrepancy (DIGERCIC vs. MSP) The actor's claim of having breached the Civil Registry is refuted upon analyzing the database columns exposed in the provided evidence. In the most recent breach, the following SQL insertion structure was observed: The presence of fields such as [Approximate_Age], [Contact_Name], [Relationship], and [Contact_Phone] are characteristic indicators of a medical file or emergency clinical record. Formal civil registry records utilize exact dates of birth and do not require recording the "relationship" of an emergency contact in this manner. This confirms that the origin of the data lies within the Ministry of Public Health's system. Concurrently with these records, it was verified that the actor was extracting facial images associated with these medical files. 2. Detected Attack Vector: Infostealers and Scraping The initial intrusion did not stem from a sophisticated cyberattack against the infrastructure (such as a zero-day exploit), but rather from the exploitation of the identity supply chain: Initial Access: The primary vector detected involves the consumption of Infostealer logs (malware designed to steal credentials saved in web browsers). The actor obtained valid credentials belonging to officials or authorized medical personnel who had been previously infected, thereby gaining legitimate access to the MSP's internal portals. Mass Exfiltration: Once the authentication perimeter was breached, the attacker deployed automated scraping tools to iterate through records and systematically download both textual information and a massive volume of facial photographs. ⏱️ Complete Attribution Timeline (Gatito_FBI → ​​GordonFreeman) The tactic of recycling data from 2025 and presenting it in 2026 under a new name stems from a criminal marketing campaign designed to establish the new identity. Below is the complete operational history demonstrating this migration and the actor's fixation on critical infrastructure in Latin America. Phase 1: Operations under the alias "Gatito_FBI" (August 2025) Aug 05, 2025 | Venezuela: Leak of 2.9 million records pertaining to minors. Aug 05, 2025 | Peru: Reported breaches at Sanipes, UPC, and the Izipay payment gateway database. Aug 07, 2025 | Colombia: Leak of internal documents and multimedia files from the Judicial Branch. Aug 13, 2025 | Peru: Monetization via a doxing bot (FenixBot) and the leak of 440,000 records—including National ID numbers (DNI) and photos—from the Ministry of Labor. Aug 17, 2025 | Bolivia: Exposure of military data (Ministry of Defense – Relief Services). Aug 24, 2025 | Ecuador: Official announcement of a massive leak targeting the Ministry of Public Health (MSP) (The actual source of the data recently presented as DIGERCIC). Phase 2: Identity Migration to "GordonFreeman" (Early 2026) The actor abandons their public Telegram profile and professionalizes their approach, shifting focus toward targets with higher financial profitability (banks, fintechs, and massive government databases). Jan 30, 2026 | Venezuela: Fintech CASHEA (Accounts, phone numbers, RIFs). Feb 01, 2026 | Ecuador & Spain: Access to the Arms Control Agency (Ecuador) and the Ministry of Universities (Spain). Feb 05, 2026 | International: Compromise of Air France (2M users), Flair Airlines, and the Argentine Air Force. Feb 06 – 07, 2026 | Paraguay: Breaches at the Office of the Comptroller General (340K) and DINAC. Feb 10 – 11, 2026 | Venezuela (Financial): Compromise of the Central Bank of Venezuela (BCV) webmail and 65K accounts from Bancrecer Bank. Feb 15, 2026 | Panama: Fintech ZINLI (50K users). Mar 04, 2026 | Global: 25K international passports exposed. Apr 03, 2026 | Ecuador & Chile: ANT Ecuador (17M vehicles) and 10M records in Chile. Apr 04 – 15, 2026 | Paraguay & Venezuela: Civil Registry of Paraguay (5M), CORPOELEC electrical system, and SENIAT (13.8M tax records). Apr 18 – 22, 2026 | Venezuela: Data extraction at CONVIASA (165GB), police database, and PDVSA (Emails/Identities). Apr 28 – 30, 2026 | Guatemala: RENAP (18M records), SAT (5.6M vehicles), and Ministry of Education (150K). May 05, 2026 | Ecuador (Recent Incident): Publication of 14.8M data records and 10.6M images. Falsely attributed to DIGERCIC; the data and photographs were originally scraped from the MSP in August 2025 using access credentials obtained via Infostealer logs. The transition from the alias Gatito_FBI to GordonFreeman represents a tactical and operational maturation toward high-financial-impact cybercrime in Latin America. The actor has left behind public exposure and low-level fraud on open forums to focus on the exfiltration and monetization of critical, banking, and government infrastructure. Technical analysis conclusively demonstrates that the incident publicized as a breach of DIGERCIC is, in reality, "data recycling." By repackaging information scraped from the Ministry of Public Health in 2025—obtained using official credentials compromised by info-stealers—the attacker seeks to artificially inflate their technical reputation and the commercial value of the data on underground markets. This behavioral pattern underscores that the true current risk to these organizations does not necessarily lie in zero-day vulnerabilities within their perimeter, but rather in the systematic exploitation of the digital identity supply chain. Mitigating this threat requires prioritizing the active invalidation of credentials exposed in malware logs and strengthening the monitoring of automated access (scraping prevention) to interconnected state databases. #GordonFreeman #GatitoFBI #ThreatActor #Infostealer #Scraping #DataRecycling

🚨 CRITICAL CYBERINTELLIGENCE ALERT: MASSIVE NATIONAL IDENTITY BREACH – DIGERCIC ECUADOR 🇪🇨👤📂🔓 [STATUS: EXTREME THREAT] A catastrophic compromise has been detected within the infrastructure of Ecuador's General Directorate of Civil Registry, Identification, and Cedulation (DIGERCIC). Threat actor "GordonFreeman," operating under the collective L4TAMFUCKERS, claims to have completely breached the national system, exfiltrating the identity data of virtually the entire population holding national ID cards. 🏢 Affected Entity: DIGERCIC (Ecuador's Civil Registry). 👤 Threat Actors: GordonFreeman, Izanagi, and YoSoyGroot (L4TAMFUCKERS). 📂 Compromised Assets: SQL database and a massive repository of identification images. 📊 Leak Volume: 14.8 million data records (10.8 GB in SQL). 10.6 million high-definition images of national ID cards (165 GB). 📅 Publication Date: May 4, 2026. 📊 Breach Scope (PII and Facial Biometrics) The magnitude of this attack implies that the attackers possess the capability to reconstruct the legal identity of the majority of Ecuadorian citizens: Alphanumeric Data: Full names, national ID numbers, dates of birth, marital status, digitized fingerprints, and signatures. Visual Evidence: The 10.6 million HD images correspond to facial photographs captured for the issuance of identity documents, thereby enabling biometric impersonation attacks. Infrastructure: The use of SQL dumps suggests deep-level access to the Civil Registry's master tables. 🛡️ Immediate Response Recommendations 🔒 Isolation of Critical Servers: DIGERCIC must declare a state of cybersecurity emergency and audit all data exfiltration points within its internal networks. 🔑 Financial System Alert: Banks and credit unions in Ecuador must enhance their identity verification protocols, exercising caution regarding validations based solely on photos of national ID cards. Monitor: analyzer.vecert.io #CyberSecurity #Ecuador #DIGERCIC #DataBreach #L4TAMFUCKERS #RegistroCivil #Identity #PII #VECERT #InfoSec 🇪🇨🛡️⚠️🚨👤

@mariabonita778 @ElDatoEcu Es un medio pautado que esperas

@ElDatoEcu La ignorancia es atrevida. Si hay vínculo con lavado el q debe responder es el representante LEGAL, y no es él. Q falta hacen los periódicos de antes q era serios y la gente podía instruirse e informarse. Actualmente, solo son marketing irracional, promueven el odio.

🚨ÚLTIMA HORA: Ex presidente de la República y dueño del Banco Guayaquil, Guillermo Santiago Lasso Mendoza, salió esta tarde del país, vía aérea a Madrid, luego de que se anunciara la investigación a su banco. Noticia en desarrollo.

@MrLinkEc Hay paginas como ecuador legal online que ya dan fotos del rostro.... tal vez ya compraron esa DB

Yo creo que el Actor de estas filtraciones #G0rd0nFreem4n anda chiro que no sabe como vender las bases de datos y quiere vender con el miedo, ojo esto no quita los riesgos y la prevención que deben tomar con cualquier filtración vieja o actual.

@DarkWebInformer Old db

1/2‼️🇪🇨 DIGERCIC (Dirección General de Registro Civil, Identificación y Cedulación), the Ecuadorian government civil registry agency, has allegedly been breached, with 14.8 million records and 10.6 million high-definition ID card images leaked. ⠀ ‣ Threat Actor: GordonFreeman (joint operation with Izanagi & YoSoyGroot, under L4TAMFUCKERS team) ‣ Category: Data Leak ‣ Victim: DIGERCIC Ecuador ‣ Industry: Government / National ID Registry ⠀ The threat actors claim to have completely breached the DIGERCIC system, exfiltrating the entire national civil registry along with HD biometric images linked to citizen ID cards. The leak is presented as a "national alert" against Ecuador. Total dataset size: 165 GB of images plus 10.8 GB of SQL data. ⠀ What's in it: ⠀ ▪️ 14.8 million records ▪️ 10.6 million high-definition ID card photographs linked to national ID numbers ▪️ Personal data fields: - National ID (cédula) - Full name - Sex / gender - Civil status (single, married, divorced, widowed) - Nationality - Place and date of birth - Residence (address) - Telephone and cell phone numbers - Approximate age - Family/relative information (parents, spouse, other family contacts) - Province / canton / parish data (e.g., Pichincha, Quito, González Suárez)

@OjoSecoEcuador @RegistroCivilec DB vieja del msp

🚨 Terrible!!! Se reporta una filtración masiva de datos del @RegistroCivilec, donde supuestamente hackers accedieron a información personal de millones de ciudadanos, incluyendo nombres, números de cédula, fechas de nacimiento e incluso fotos de las cédulas. Esto significaría que terceros podrían tener suficiente información para hacerse pasar por otras personas, cometer fraudes o suplantar identidades. @VECERTRadar

@DailyDarkWeb Es una db vieja

🇪🇨 [NATIONAL ID BREACH CLAIM] Ecuador – DIGERCIC A threat actor is claiming a massive breach of Ecuador’s civil registry (DIGERCIC) system. Claimed impact: • Target: Dirección General de Registro Civil (Ecuador) • Records: 14.8 million individuals • Images: 10.6 million (high-definition) • Data type: National ID / civil registry information ⚠️ Initial assessment: • If accurate, this represents near population-scale exposure • Likely includes: • Full names • National ID numbers (cédula) • Birth records • Biometric / ID photos Risk perspective: • Critical national security + identity risk • Enables: • Identity theft at scale • Synthetic identity creation • Election / fraud manipulation scenarios • Cross-border criminal abuse • High-quality images → potential facial recognition misuse Red flags / considerations: • Actor uses hype language (“completely breached”) • No verifiable structured sample shown • Volume (14.8M) roughly aligns with Ecuador population → plausible but needs validation • Joint operation claim → possible: • Collaboration branding • Or credibility inflation 🔐 Recommended actions: • Treat as HIGH PRIORITY – requires immediate validation • Monitor: • Sample releases • Government response • Secondary forum confirmations • For organizations: • Increase fraud monitoring for Ecuador-based identities • Watch for credential stuffing / identity reuse patterns Current status: Unverified – HIGH impact if confirmed #DDW #Intelligence #DataBreach #CyberThreat #IdentityTheft #OSINT

@GYEplomoydolor 1 minuto de silencio por los angelitos caídos

☠️💥🩸ASÍ FUE COMO LOS MATARON #Viaalacosta Se puede observar como el sicario se baja de la moto y sigilosamente se acerca a sus víctimas matándolas sin remordimiento! Sucedió el último día del feriado!!!

@MinMedio Lacra colombiana irrespetuosos como los venecos

#Guayaquil Un sujeto colombiano no residente intentó ingresar a la fuerza a una urbanización ubicada en Mucho Lote , al momento de ser desalojado amenazó al personal de seguridad.

🚨 FINANCIAL INTELLIGENCE ALERT: MASSIVE LEAK – UNIVERSITY OF SAN CARLOS OF GUATEMALA (USAC) 🇬🇹🎓🏦🔓 A critical security compromise has been detected affecting the Integrated Financial Information System (SIIF) of the University of San Carlos of Guatemala (USAC). Threat actor MrGoblinciano has published a database containing sensitive financial information regarding the institution's employees. 🏢 Affected Entity: University of San Carlos of Guatemala (USAC). 👤 Threat Actor: MrGoblinciano. 🌐 Compromised System: USAC - SIIF (Integrated Financial Information System). 📅 Data Period: Information corresponding to the years 2025 and 2026. 📊 Scope of the Breach (PII and Banking Data) The leak exposes critical financial fields that enable precise economic profiling of the teaching and administrative staff: Official Identity: Names of recipients and their CUI (Unique Identification Code) numbers. Banking Information: Bank names and bank account numbers. Payroll Details: Deposit amounts (in figures and words) and transaction dates. Organizational Structure: Specific university departments where the affected individual is employed. 🛡️ Immediate Response Recommendations 🔒 Change Bank Accounts: USAC personnel are advised to consult with their banking institutions regarding the possibility of changing their account numbers or, at a minimum, activating enhanced security alerts. 🔑 SIIF Security: The university must immediately audit SIIF access logs to identify the exfiltration vector and close any persistent vulnerabilities. Monitor: analyzer.vecert.io #CyberSecurity #Guatemala #USAC #SIIF #DataBreach #Finance #CUI #MrGoblinciano #VECERT #InfoSec 🇬🇹🛡️⚠️🚨🏦

@jonathux El weso

Ahora el #ciberataque le tocó a la #USAC, en donde extrajeron datos financieros sensibles de cuentas bancarias y otra información comprometedora. Habrá que esperar la comunicación oficial y tmb ver cómo gestionan la crisis.