Facundo Ruiz retweeted

🚨 STRATEGIC CYBERINTEL ALERT: ALLEGED LEAK OF POLICE DATA, CREDENTIALS, AND BIOMETRICS — BUENOS AIRES CITY POLICE 🇦🇷
⚠️ THREAT ACTOR "SKULL1172" (#ESQUELESQUAD) EXFILTRATES 2 GB OF SENSITIVE DATA, FACIAL PHOTOGRAPHS, AND ACCESS LOGS — WHAT APPEARS TO BE "PART 2" OF A PREVIOUS LEAK
[STATUS: UNDER INVESTIGATION; NO OFFICIAL CONFIRMATION]
Through the monitoring of underground forums, a critical post was detected today, authored by the threat actor known as Skull1172.
The attacker announces "Part 2" of a data leak targeting the Buenos Aires City Police, claiming to possess 2 GB of data exfiltrated recently (dated 2026). The severity of this breach lies in the level of detail within the exposed information: it includes not only confidential documents, transaction records, and prisoner data, but also exposes a structured registry of police officers—complete with their facial photographs in Base64 format—alongside passwords for government portals.
🎯 Affected Entity: Buenos Aires City Police (Security Forces / Public Sector, Argentina 🇦🇷).
👤 Threat Actor: Skull1172 / #EsqueleSquad.
📂 Exfiltrated Volume: 2 GB (JSON Format).
⚙️ Incident Type: Institutional Database Exfiltration, Credential Theft (Infostealer), and Biometric Data Breach.
⚠️ Verification Status: The provided samples (PROOFS) include screenshots of the police intranet displaying the photograph and personnel file of Officer Luis Carlos Sena, as well as actual JSON dumps containing the CUIL, DNI, police ranks, and email addresses of multiple officers.
📊 TECHNICAL BREAKDOWN AND IMPACT VECTORS
Analysis of the samples provided by the threat actor reveals two distinct vectors of compromise that have converged in this data leak:
🪪 Personnel Database Breach (HR/Operations):
The JSON dump exposes the complete profiles of officers: Internal ID, Personnel File Number (LP), National ID (DNI), Tax ID (CUIL), Rank (Grade), Full Name, and multiple email addresses (@policiadelaciudad.gob.ar, @buenosaires.gob.ar, and personal accounts), along with direct mobile phone numbers.
The inclusion of facial photographs (Base64-encoded within the full database dump) irremediably compromises the physical identity of agents operating in sensitive divisions (e.g., Urban Transport Security, Investigations).
🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS
🛑 Mass Credential Rotation and Access Revocation: The Ministry of Justice and Security of the City of Buenos Aires must force a password reset across all web portals (policiadelaciudad.gob.ar and buenosaires.gob.ar), implementing mandatory Multi-Factor Authentication (MFA) that does not rely on SMS (given that phone numbers were also leaked).
🔒 Alert to the Financial System (BCRA): Notify the Argentine banking network to flag the National IDs (DNI) and Tax IDs (CUIL) of the exposed officers on enhanced monitoring lists, requiring in-person validation for the opening of any new credit products.
⚡ MONITORING AND ASSESSMENT
🌐 Intelligence System: analyzer.vecert.io
🛡️ Quickly assess your website's security with: monitor.vecert.io
#CyberSecurity #DataBreach #Argentina #PoliciaDeLaCiudad #EsqueleSquad #BiometricLeak #Infostealer #IdentityTheft #ThreatIntelligence #CiberAlerta #VECERT #Infosec
