

Carlos Montalvo
864 posts

@ultrahkr2005
Coffee lover, poetry writer, and other things...

3.16 extra/eco, 3.10 diesel. Looks like they are respecting the 5% band.

📄 INTELLIGENCE REPORT: DIGERCIC, Access Vectors, and the Evolution to "GordonFreeman"

The recent announcement regarding the leak of 14.8 million records and 10.6 million images—attributed to Ecuador's Civil Registry (DIGERCIC) by the threat actor "GordonFreeman"—is, in reality, a repackaging of data. Technical analysis confirms that this information was exfiltrated from the Ministry of Public Health (MSP) systems in 2025, during the period when the actor was operating under the alias "Gatito_FBI."

1. Database Discrepancy (DIGERCIC vs. MSP)

The actor's claim of having breached the Civil Registry is refuted upon analyzing the database columns exposed in the provided evidence. In the most recent breach, the following SQL insertion structure was observed:

The presence of fields such as [Approximate_Age], [Contact_Name], [Relationship], and [Contact_Phone] is a characteristic indicator of a medical file or emergency clinical record. Formal civil registry records utilize exact dates of birth and do not require recording the "relationship" of an emergency contact in this manner. This confirms that the origin of the data lies within the Ministry of Public Health's system. Concurrently with these records, it was verified that the actor was extracting facial images associated with these medical files.

2. Detected Attack Vector: Infostealers and Scraping

The initial intrusion did not stem from a sophisticated cyberattack against the infrastructure (such as a zero-day exploit), but rather from the exploitation of the identity supply chain:

Initial Access: The primary vector detected involves the consumption of Infostealer logs (malware designed to steal credentials saved in web browsers). The actor obtained valid credentials belonging to officials or authorized medical personnel who had been previously infected, thereby gaining legitimate access to the MSP's internal portals.

Mass Exfiltration: Once the authentication perimeter was breached, the attacker deployed automated scraping tools to iterate through records and systematically download both textual information and a massive volume of facial photographs.

⏱️ Complete Attribution Timeline (Gatito_FBI → GordonFreeman)

The tactic of recycling data from 2025 and presenting it in 2026 under a new name stems from a criminal marketing campaign designed to establish the new identity. Below is the complete operational history demonstrating this migration and the actor's fixation on critical infrastructure in Latin America.

Phase 1: Operations under the alias "Gatito_FBI" (August 2025)

Aug 05, 2025 | Venezuela: Leak of 2.9 million records pertaining to minors.
Aug 05, 2025 | Peru: Reported breaches at Sanipes, UPC, and the Izipay payment gateway database.
Aug 07, 2025 | Colombia: Leak of internal documents and multimedia files from the Judicial Branch.
Aug 13, 2025 | Peru: Monetization via a doxing bot (FenixBot) and the leak of 440,000 records—including National ID numbers (DNI) and photos—from the Ministry of Labor.
Aug 17, 2025 | Bolivia: Exposure of military data (Ministry of Defense – Relief Services).
Aug 24, 2025 | Ecuador: Official announcement of a massive leak targeting the Ministry of Public Health (MSP) (the actual source of the data recently presented as DIGERCIC).

Phase 2: Identity Migration to "GordonFreeman" (Early 2026)

The actor abandons their public Telegram profile and professionalizes their approach, shifting focus toward targets with higher financial profitability (banks, fintechs, and massive government databases).

Jan 30, 2026 | Venezuela: Fintech CASHEA (accounts, phone numbers, RIFs).
Feb 01, 2026 | Ecuador & Spain: Access to the Arms Control Agency (Ecuador) and the Ministry of Universities (Spain).
Feb 05, 2026 | International: Compromise of Air France (2M users), Flair Airlines, and the Argentine Air Force.
Feb 06 – 07, 2026 | Paraguay: Breaches at the Office of the Comptroller General (340K) and DINAC.
Feb 10 – 11, 2026 | Venezuela (Financial): Compromise of the Central Bank of Venezuela (BCV) webmail and 65K accounts from Bancrecer Bank.
Feb 15, 2026 | Panama: Fintech ZINLI (50K users).
Mar 04, 2026 | Global: 25K international passports exposed.
Apr 03, 2026 | Ecuador & Chile: ANT Ecuador (17M vehicles) and 10M records in Chile.
Apr 04 – 15, 2026 | Paraguay & Venezuela: Civil Registry of Paraguay (5M), CORPOELEC electrical system, and SENIAT (13.8M tax records).
Apr 18 – 22, 2026 | Venezuela: Data extraction at CONVIASA (165GB), police database, and PDVSA (emails/identities).
Apr 28 – 30, 2026 | Guatemala: RENAP (18M records), SAT (5.6M vehicles), and Ministry of Education (150K).
May 05, 2026 | Ecuador (Recent Incident): Publication of 14.8M data records and 10.6M images. Falsely attributed to DIGERCIC; the data and photographs were originally scraped from the MSP in August 2025 using access credentials obtained via Infostealer logs.

The transition from the alias Gatito_FBI to GordonFreeman represents a tactical and operational maturation toward high-financial-impact cybercrime in Latin America. The actor has left behind public exposure and low-level fraud on open forums to focus on the exfiltration and monetization of critical, banking, and government infrastructure.

Technical analysis conclusively demonstrates that the incident publicized as a breach of DIGERCIC is, in reality, "data recycling." By repackaging information scraped from the Ministry of Public Health in 2025—obtained using official credentials compromised by info-stealers—the attacker seeks to artificially inflate their technical reputation and the commercial value of the data on underground markets.

This behavioral pattern underscores that the true current risk to these organizations does not necessarily lie in zero-day vulnerabilities within their perimeter, but rather in the systematic exploitation of the digital identity supply chain. Mitigating this threat requires prioritizing the active invalidation of credentials exposed in malware logs and strengthening the monitoring of automated access (scraping prevention) to interconnected state databases.

#GordonFreeman #GatitoFBI #ThreatActor #Infostealer #Scraping #DataRecycling


📍 #Guayaquil 🚨 La Bahía is one of the biggest hotspots, with at least 500 burrows amid garbage and heavy commercial activity. 📲 bit.ly/4cSt34d


Dude walks into a chipotle and treats the utensils and Tabasco sauce like a grab and go.


🇪🇨 🚨 Ecuador Transportation App Breach – SQLi + Full Database Exposed

A dark web post claims a complete compromise of the "Tu Taxi Amigo" transportation app in Ecuador, including SQL injection access and full database exposure.

📊 Key Claims:
• ~25,000 records in database
• Data includes both customers and drivers: names, emails, usernames; passwords (likely hashed, but unclear); addresses; credit card / payment data (high-risk claim)
• Admin panel allegedly exposed
• Credentials shared in clear text
• Attack vector explicitly stated: SQL Injection (SQLi)

🧠 Threat Intelligence Insight:
• This is a critical security failure pattern: SQLi → full database extraction
• Hardcoded / weak admin credentials
• If credit card data is real: immediate financial fraud risk
• Even without cards: credential reuse attacks likely (users reuse passwords)
• Exposure of admin panel + creds suggests: no proper access controls / no MFA

⚠️ Assessment:
• Highly plausible compromise scenario: SQLi + exposed admin creds is a common real-world chain
• However: credit card claim needs verification (often exaggerated)

⚠️ Risk Implications:
• Account takeover across platforms (password reuse)
• Financial fraud (if payment data valid)
• Targeting of drivers and customers
• Full platform compromise and service abuse

📊 Status: Unverified — but technically credible and high-risk scenario

💬 SQL injection is decades old — yet still breaking modern apps.

#CyberSecurity #DataBreach #SQLi #FinTech #Ecuador #ThreatInt #DDW
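The "SQLi → full database extraction" chain in the post comes down to one coding defect: untrusted input spliced into SQL text. The Python/sqlite3 snippet below is an added example, not code from the post or from the app it discusses; the table, rows, hash placeholders and function names are constructed for illustration. It places the vulnerable lookup beside the parameterized one so the difference is observable: the same crafted input returns the whole table from one and nothing from the other.

```python
"""Added example: a string-built SQL lookup beside its parameterized fix.
The user table and its rows are constructed; hashes are placeholders."""
import sqlite3


def build_demo_db():
    """Constructed in-memory table standing in for an app's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("driver01", "driver01@example.com", "<placeholder-hash-1>"),
            ("rider02", "rider02@example.com", "<placeholder-hash-2>"),
            ("admin", "admin@example.com", "<placeholder-hash-3>"),
        ],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the caller's value is concatenated into the SQL string, so
    quote characters in `username` change what the query means."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened: the value is passed as a bound parameter; the driver sends it
    as data, never as SQL syntax, whatever characters it contains."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed input that closes the quoted literal and appends an always-true
# condition; used here only to show the two functions behave differently.
CRAFTED_INPUT = "x' OR '1'='1"


if __name__ == "__main__":
    conn = build_demo_db()
    print("vulnerable:", find_user_vulnerable(conn, CRAFTED_INPUT))
    print("safe:", find_user_safe(conn, CRAFTED_INPUT))
```

Parameterization closes the injection path, but it does not address the post's other findings (admin credentials shared in clear text, no MFA, an exposed admin panel); those are access-control problems that need their own fixes.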


@BeardedMonkey15 @Alfachackra But some people, like encebollado with rice...

@Alfachackra @RumboPlural But aside from attacking people (a simplistic and easy position), what do you think of the organization's proposal, approaches and principles? Are you for or against defending the republican, liberal values that make up democracy?


@Alfachackra Says the people who put Bucaram and Viteri in the mayor's office.




@Alfachackra Drop the fanaticism for RC5 and open your eyes, don't let them fool you, folks.