Jonathan Lara
4.6K posts
@jonathux
ISO 31000/27032 Security & Cybersecurity Risk Advisor. Investigación, análisis y control de riesgos y amenazas de seguridad y ciberseguridad.
MADRUGADA: Incendio en bodega y tienda de productos asiáticos, en kilómetro 16.5 de Carretera a El Salvador.
🚨 INTELLIGENCE ALERT: INTRUSION AND DEFACEMENT CAMPAIGN – GOVERNMENT TARGETS (GUATEMALA) 🇬🇹💻⚠️ A series of active compromises targeting critical infrastructure and government portals in Guatemala has been detected. The threat actor, operating through a Telegram channel, has leaked administrative access credentials and executed defacement attacks (visual alteration) on service portals. Threat Actor: NemorisHacking 🌐 Origin: Identified as being linked to the group JXLLTEAM, which is associated with the alias KeyBreaker. ⚠️ Status: ACTIVE OFFENSIVE. 📅 Date: April 30, 2026. 📊 TTPs and Methodology (Tactics, Techniques, and Procedures) The actor employs public exposure techniques and credential compromise to demonstrate control over the systems: Attack Vector: Probable compromise via information stealers or brute force, given that user credentials and passwords for official portals have been published in plaintext. Web Defacement: Alteration of legitimate websites to display messages from the group, utilizing archiving services (web.archive.org) to preserve evidence of the attack. Credential Exfiltration: Direct publication of administrative login credentials on Telegram channels to facilitate third-party access to State systems. Use of External Forums: Utilization of free forum platforms (foroactivo.com, crearforo.net) to centralize their "special services" and operations. 🎯 Identified Victims The attack has impacted key institutions within the Guatemalan government: Office of the Attorney General (PGN): Asset: pgn.gob.gt. Compromise: Leak of username and password. Superintendence of Telecommunications (SIT): Asset: sit.gob.gt. Compromise: Exposure of access credentials. Financial Services / Virtual POS: Asset: posvirtual.gt. Attack: Confirmed defacement across multiple platform routes. 🛡️ Immediate Response Recommendations 🔒 Credential Reset: The PGN and SIT are urged to immediately invalidate compromised accounts and perform a global rotation of administrative passwords. 🔑 MFA Implementation: Enable Multi-Factor Authentication on all single-window portals and citizen services. Monitor: analyzer.vecert.io #CyberSecurity #Guatemala #PGN #SIT #DataBreach #Defacement #NemorisHacking #JXLLTEAM #VECERT #InfoSec 🇬🇹🛡️⚠️🚨🏛️
#NACIONALES 🇬🇹 | RENAP y SAT desmienten hackeo de datos y refuerzan medidas de ciberseguridad El Registro Nacional de las Personas y la Superintendencia de Administración Tributaria emitieron un comunicado conjunto para desmentir la información que circuló en redes sociales sobre un supuesto hackeo de datos en ambas instituciones, asegurando que mantienen activos anillos de seguridad y monitoreos constantes para prevenir cualquier incidente de ciberseguridad que pueda afectar a los usuarios e inscritos. Vía: Wendy Reyes Para más información y cobertura de noticias, síganos en nuestras redes. #PeriodismoQueDaLaCara
1/2‼️🇬🇹 RENAP (Registro Nacional de las Personas) and SAT (Superintendencia de Administración Tributaria), Guatemala's national civil registry and tax authority, have allegedly been breached, with 18M citizen records and 5.6M vehicle records leaked on a popular cybercrime forum. The actor is demanding 2 BTC and threatening to put the entire country's data up for sale. ⠀ ‣ Threat Actor: GordonFreeman (in coordination with Team L4TAMFUCKERS, Izanagi, cantpwn, YoSoyGroot) ‣ Category: Government Data Leak / Extortion ‣ Victim: RENAP & SAT (Government of Guatemala) ‣ Industry: Government / National Registry / Tax Authority ⠀ The actor states this is part of a coordinated wave of attacks against Guatemala's digital infrastructure. The post claims persistence has been established across all vulnerable government sites, with a direct extortion threat issued to the nation. ⠀ What's in it: ⠀ RENAP (18M records): ▪️ 18,000,000 citizen records ▪️ Birth certificates (Certificado de Nacimiento) ▪️ Marriage certificates ▪️ Death certificates ▪️ Full names and surnames (paternal and maternal) ▪️ National ID numbers (DPI / CUI) ▪️ Dates and places of birth ▪️ Parents' full data (mother and father, with photos) ▪️ Citizen photographs ▪️ Gender, place of origin, municipality ▪️ Verifier codes and registry IDs ⠀ SAT (5.6M vehicle records): ▪️ 5,600,000 vehicle records ▪️ Detailed vehicle ownership data ▪️ Current license plates ▪️ Tax ID (NIT) and CUI numbers ▪️ Owner's full name and fiscal address ▪️ Intended use, type, make, line/style, series, model ▪️ Engine number, chassis number, VIN ▪️ Displacement (CC), cylinders, tonnage ▪️ Seating capacity, watts/kilowatts, axles, doors ▪️ Fuel type and color ▪️ Solvency number and date ▪️ Franchise number and date ▪️ Customs office of liquidation ▪️ Insurance policy details ▪️ Registration date, last year paid, current status ▪️ Electronic Circulation Cards (Tarjeta de Circulación) ▪️ Electronic Ownership Certificates (Certificado de Propiedad de Vehículos) ⠀ Extortion demands: ⠀ ▪️ Ransom: 2 BTC ▪️ Threat: Entire country's data put up for sale if not paid within days ▪️ Threat: Continued siege of targeted attacks against government systems ▪️ Claim: Persistence established across all vulnerable sites
1/2‼️🇬🇹 RENAP (Registro Nacional de las Personas) and SAT (Superintendencia de Administración Tributaria), Guatemala's national civil registry and tax authority, have allegedly been breached, with 18M citizen records and 5.6M vehicle records leaked on a popular cybercrime forum. The actor is demanding 2 BTC and threatening to put the entire country's data up for sale. ⠀ ‣ Threat Actor: GordonFreeman (in coordination with Team L4TAMFUCKERS, Izanagi, cantpwn, YoSoyGroot) ‣ Category: Government Data Leak / Extortion ‣ Victim: RENAP & SAT (Government of Guatemala) ‣ Industry: Government / National Registry / Tax Authority ⠀ The actor states this is part of a coordinated wave of attacks against Guatemala's digital infrastructure. The post claims persistence has been established across all vulnerable government sites, with a direct extortion threat issued to the nation. ⠀ What's in it: ⠀ RENAP (18M records): ▪️ 18,000,000 citizen records ▪️ Birth certificates (Certificado de Nacimiento) ▪️ Marriage certificates ▪️ Death certificates ▪️ Full names and surnames (paternal and maternal) ▪️ National ID numbers (DPI / CUI) ▪️ Dates and places of birth ▪️ Parents' full data (mother and father, with photos) ▪️ Citizen photographs ▪️ Gender, place of origin, municipality ▪️ Verifier codes and registry IDs ⠀ SAT (5.6M vehicle records): ▪️ 5,600,000 vehicle records ▪️ Detailed vehicle ownership data ▪️ Current license plates ▪️ Tax ID (NIT) and CUI numbers ▪️ Owner's full name and fiscal address ▪️ Intended use, type, make, line/style, series, model ▪️ Engine number, chassis number, VIN ▪️ Displacement (CC), cylinders, tonnage ▪️ Seating capacity, watts/kilowatts, axles, doors ▪️ Fuel type and color ▪️ Solvency number and date ▪️ Franchise number and date ▪️ Customs office of liquidation ▪️ Insurance policy details ▪️ Registration date, last year paid, current status ▪️ Electronic Circulation Cards (Tarjeta de Circulación) ▪️ Electronic Ownership Certificates (Certificado de Propiedad de Vehículos) ⠀ Extortion demands: ⠀ ▪️ Ransom: 2 BTC ▪️ Threat: Entire country's data put up for sale if not paid within days ▪️ Threat: Continued siege of targeted attacks against government systems ▪️ Claim: Persistence established across all vulnerable sites
🚨 NATIONAL SECURITY ALERT: DIGITAL INFRASTRUCTURE COLLAPSE – GUATEMALA (RENAP & SAT) 🇬🇹🏛️🚗🔓 The most severe threat to Guatemala's digital sovereignty in its history has been detected. Threat actor GordonFreeman, in coordination with the group Team L4TAMFUCKERS, claims to have breached the entirety of the RENAP and SAT systems, exfiltrating the identity data of the entire population and the country's complete vehicle registry. 🏢 Affected Entities: RENAP: National Registry of Persons. SAT: Superintendence of Tax Administration. 👤 Threat Actors: GordonFreeman, Izanagi, cantpwn, and YoSoyGroot (Team L4TAMFUCKERS). 📊 Breach Volume: 18 Million Records (RENAP): Birth, marriage, and death certificates, as well as biometric and sensitive data for the entire nation. 5.6 Million Vehicle Records (SAT): Ownership data, Tax ID numbers (NIT), names, tax addresses, chassis numbers, engine numbers, license plates, and electronic ownership certificates. 📊 Breach Scope (Absolute Exposure) The leak grants total control over citizens' identities and property: Civil Identity: Access to the complete database of Guatemalan citizens, spanning from birth to death. Vehicle Information: Exhaustive details on every vehicle in the country, including Electronic Circulation Cards and Titles of Ownership. Persistence: The attackers claim to have established persistence within the infrastructure, meaning they maintain hidden access points even if attempts are made to close known vulnerabilities. 🛡️ Immediate Response Recommendations 🔒 Declaration of Digital Emergency: The Government of Guatemala must immediately activate its national security and cyber defense protocols. 🔑 Privileged Account Audit: It is imperative to conduct a threat hunt to locate the persistence points and web shells that the group claims to have installed. Monitor: analyzer.vecert.io #CyberSecurity #Guatemala #RENAP #SAT #DataBreach #L4TAMFUCKERS #GordonFreeman #NationalEmergency #VECERT #InfoSec 🇬🇹🛡️⚠️🚨🏛️
🚨 CYBERINTEL ALERT: MASSIVE DATA LEAK – UNIVERSIDAD RAFAEL LANDÍVAR (URL) 🇬🇹🎓🛡️ A critical privacy breach has been detected affecting the Universidad Rafael Landívar in Guatemala. Threat actor MrGoblinciano (the same individual linked to the recent USAC leak) has published a massive data package that compromises the visual and personal identities of the university community. 🏢 Affected Entity: Universidad Rafael Landívar (URL), Guatemala. 👤 Threat Actor: MrGoblinciano. 📂 Leak Volume: 84,620 photographs of students and faculty members. Database in JSON format (1.54 MB). Total package size: 20 GB. 📊 Breach Scope (PII and Facial Biometrics) The leak directly links personal images with academic and civil data: Identity Photographs: Images of 84,620 individuals, used for ID cards and official records. Academic Identification: The University ID number, which serves as an access key to internal services. Personal Information (PII): Full names and dates of birth (as observed in the sample for Vanessa Isabela Flores Hernández). Data Association: The structure of the leak allows for cross-referencing a photograph with the exact name and age of the student or professor. 🛡️ Immediate Response Recommendations 🔒 Credential Change: The entire Landivariana community is urged to change the passwords for their institutional email accounts and student/faculty portals. 🔑 Academic Security: The university should consider invalidating and reissuing the most sensitive ID numbers, or implement Multi-Factor Authentication (MFA) methods for service access. Monitor: analyzer.vecert.io #CyberSecurity #Guatemala #URL #UniversidadRafaelLandivar #DataBreach #MrGoblinciano #PII #Privacy #InfoSec 🇬🇹🛡️⚠️🚨🎓
Ahora el #ciberataque le tocó a la #USAC, en donde extrajeron datos financieros sensibles de cuentas bancarias y otra información comprometedora. Habrá que esperar la comunicación oficial y tmb ver cómo gestionan la crisis.
🇬🇹 Guatemala Government Data Exposure — 200K+ Users A threat actor claims to have accessed the Guatemala Ministry of Labor and Social Welfare (tuempleo.mintrabajo.gob.gt) via an unsecured API. The exposed data reportedly includes 200,000+ user records along with ~40GB of CVs and internal documents. Compromised information allegedly contains: Full names, date of birth, and national ID (DPI) Phone numbers, email addresses, and home addresses Employment history, salary, and job applications Uploaded resumes (CVs) and internal system data The actor claims the system had no authentication or access controls, allowing full data extraction. ⚠️ Status: Unverified — based on underground forum activity ⚠️ Potential impact is severe, including identity theft, fraud, and large-scale social engineering #DDW #DataLeak #Guatemala #CyberSecurity #DarkWeb #DataBreach #Infosec
Ahora el #ciberataque le tocó a la #USAC, en donde extrajeron datos financieros sensibles de cuentas bancarias y otra información comprometedora. Habrá que esperar la comunicación oficial y tmb ver cómo gestionan la crisis.
🚨Alerta de seguridad: reportan masiva filtración de datos del Ministerio de Trabajo Una alerta de ciberseguridad difundida este domingo advierte sobre una presunta filtración masiva de datos del Ministerio de Trabajo y Previsión Social de Guatemala, específicamente del portal tuempleo.mintrabajo.gob.gt. Según el reporte, los actores de amenazas identificados como Izanagi, GordonFreeman y cantpwn, del grupo L4TAMFUCKERS, aseguran haber comprometido la API del sitio. El incidente habría expuesto más de 200,000 registros de usuarios y 40 GB de currículums en PDF. La información presuntamente filtrada incluye nombres completos, números de DPI, teléfonos, correos, direcciones, datos salariales, historial académico y laboral, etnia y comunidad lingüística. La alerta recomienda al Gobierno desactivar de inmediato la API afectada y a los ciudadanos monitorear movimientos inusuales en SAT o entidades bancarias ante posible uso indebido del DPI. Hasta ahora, el MINTRAB no ha emitido un pronunciamiento oficial. Fuentes de ciberseguridad comparan la gravedad del caso con la filtración reportada previamente en DIGECAM. #Guatemala #Ciberseguridad #MINTRAB
🚨 FINANCIAL INTELLIGENCE ALERT: MASSIVE LEAK – UNIVERSITY OF SAN CARLOS OF GUATEMALA (USAC) 🇬🇹🎓🏦🔓 A critical security compromise has been detected affecting the Integrated Financial Information System (SIIF) of the University of San Carlos of Guatemala (USAC). Threat actor MrGoblinciano has published a database containing sensitive financial information regarding the institution's employees. 🏢 Affected Entity: University of San Carlos of Guatemala (USAC). 👤 Threat Actor: MrGoblinciano. 🌐 Compromised System: USAC - SIIF (Integrated Financial Information System). 📅 Data Period: Information corresponding to the years 2025 and 2026. 📊 Scope of the Breach (PII and Banking Data) The leak exposes critical financial fields that enable precise economic profiling of the teaching and administrative staff: Official Identity: Names of recipients and their CUI (Unique Identification Code) numbers. Banking Information: Bank names and bank account numbers. Payroll Details: Deposit amounts (in figures and words) and transaction dates. Organizational Structure: Specific university departments where the affected individual is employed. 🛡️ Immediate Response Recommendations 🔒 Change Bank Accounts: USAC personnel are advised to consult with their banking institutions regarding the possibility of changing their account numbers or, at a minimum, activating enhanced security alerts. 🔑 SIIF Security: The university must immediately audit SIIF access logs to identify the exfiltration vector and close any persistent vulnerabilities. Monitor: analyzer.vecert.io #CyberSecurity #Guatemala #USAC #SIIF #DataBreach #Finance #CUI #MrGoblinciano #VECERT #InfoSec 🇬🇹🛡️⚠️🚨🏦
Hackeo al @MINTRABAJOGuate: "El servidor del portal de empleo aún aceptaba conexiones con TLS 1.0 y TLS 1.1, protocolos que la industria declaró obsoletos en 2020. No soportaba TLS 1.3, el estándar actual. Ninguno de los 14 subdominios del ministerio implementaba Content-Security-Policy ni HSTS, las dos defensas más básicas que un servidor web puede tener." vectorcritico.com/continua-domin…
🚨 NATIONAL SECURITY ALERT: MASSIVE DATA LEAK FROM THE MINISTRY OF LABOR – GUATEMALA 🇬🇹🏛️🔓 A security compromise of extreme severity has been detected, affecting Guatemala’s Ministry of Labor and Social Welfare (MINTRABAJO). Threat actors Izanagi, GordonFreeman, and cantpwn claim to have breached the entire API of the government employment portal (tuempleo.mintrabajo.gob.gt), exposing the identities and employment histories of hundreds of thousands of Guatemalans. 🏢 Affected Entity: Ministry of Labor and Social Welfare (Guatemala). 👤 Threat Actors: Izanagi, GordonFreeman, cantpwn (L4TAMFUCKERS). 📂 Leak Volume: +200,000 detailed user records. 40 GB of PDF files (original Curriculum Vitae). 📅 Publication Date: April 26, 2026. 📊 Scope of the Breach (PII and Employment Data) This leak is one of the most invasive recorded in the region, as it combines official identity data with socioeconomic profiles: Official Identity: Full names and DPI (Personal Identification Document) numbers. Contact and Location: Phone numbers (multiple lines), email addresses, and residential addresses (categorized by department and municipality). Socioeconomic Profile: Date of birth, last reported salary, employment status, ethnicity, and linguistic community. Academic and Professional History: Educational levels, universities attended, degrees obtained, and languages spoken. Attached Documentation: Direct access to the 40 GB of PDF CVs, which contain photos, personal references, and complete employment histories. 🛡️ Immediate Response Recommendations 🔒 Urgent API Shutdown: The Government of Guatemala must immediately deactivate the API for tuempleo.mintrabajo.gob.gt to halt the ongoing data exfiltration. 🔑 DPI Monitoring: Guatemalan citizens are advised to watch for any unusual activity or transactions involving the SAT or banking institutions. Monitor: analyzer.vecert.io #CyberSecurity #Guatemala #MINTRABAJO #DataBreach #DPI #L4TAMFUCKERS #TuEmpleo #VECERT #InfoSec #CyberCrime 🇬🇹🛡️⚠️🚨
🇬🇹 Guatemala Government Data Exposure — 200K+ Users A threat actor claims to have accessed the Guatemala Ministry of Labor and Social Welfare (tuempleo.mintrabajo.gob.gt) via an unsecured API. The exposed data reportedly includes 200,000+ user records along with ~40GB of CVs and internal documents. Compromised information allegedly contains: Full names, date of birth, and national ID (DPI) Phone numbers, email addresses, and home addresses Employment history, salary, and job applications Uploaded resumes (CVs) and internal system data The actor claims the system had no authentication or access controls, allowing full data extraction. ⚠️ Status: Unverified — based on underground forum activity ⚠️ Potential impact is severe, including identity theft, fraud, and large-scale social engineering #DDW #DataLeak #Guatemala #CyberSecurity #DarkWeb #DataBreach #Infosec
🇬🇹 Guatemala Government Data Exposure — 200K+ Users A threat actor claims to have accessed the Guatemala Ministry of Labor and Social Welfare (tuempleo.mintrabajo.gob.gt) via an unsecured API. The exposed data reportedly includes 200,000+ user records along with ~40GB of CVs and internal documents. Compromised information allegedly contains: Full names, date of birth, and national ID (DPI) Phone numbers, email addresses, and home addresses Employment history, salary, and job applications Uploaded resumes (CVs) and internal system data The actor claims the system had no authentication or access controls, allowing full data extraction. ⚠️ Status: Unverified — based on underground forum activity ⚠️ Potential impact is severe, including identity theft, fraud, and large-scale social engineering #DDW #DataLeak #Guatemala #CyberSecurity #DarkWeb #DataBreach #Infosec
Ya confirmé con quien vende las bases de datos sobre el ataque y fue por contraseñas débiles en el sistema. El problema es que hay datos sensibles. Con esto bien puede enterarse quien sea cuantas armas (registradas) tiene cada guatemalteco. Además de la dirección y otro datos personales. Es grave.
Me pregunto si ya @DIGECAM_MDN dijo algo al respecto o tiene una postura sobre esto? Muchos usuarios no pueden ingresar a su portal digital con su usuario y contraseña... Preocupante si la información está comprometida.
🚨 WhatsApp’s “end-to-end encrypted” privacy is a total lie. New class-action lawsuit just dropped: Meta secretly let employees, contractors like Accenture, and third parties read, intercept, and store your private messages WITHOUT consent. All while marketing it as “only you and the recipient can read it.” Zuck lied to billions. Your chats were never safe.
