Absr!.

CYBER INTELLIGENCE ALERT: ALLEGED MASSIVE WEBSITE COMPROMISE (CHILE) 🇨🇱 [STATUS: UNCONFIRMED / UNAUTHORIZED ACCESS / WEBSHELLS] A massive intrusion campaign attributed to the Pharaohs_Team threat group has been detected. They claim to have deployed webshells on a long list of domains, primarily those with the .cl extension. Incident Details ⚠️ The actor has published an extensive list of compromised websites, categorized using authority metrics (DA/PA). Below are some of the domains mentioned: Government Institutions Chile 🇨🇱: Municipality of Ovalle: https://t.co/BhJUtXTfJ7 Municipality of Palmilla: https://t.co/BlK2r38FTB Organizations and Foundations: Planetario Chile: https://t.co/HFAcYxtTlv Isabel Allende Foundation: https://t.co/LaXnp7n3aj Private Companies and Services Legal and Professional Sector: VF Abogados: https://t.co/wJRRNCuzlO García Nadal (Law/Accounting Firm): https://t.co/wi4j9CzQey Lab Corporativo: https://t.co/2RHWFsEHkh Commerce and Retail: Tazones y Regalos: https://t.co/aeghX35W1H Top Toilet: https://t.co/Mg0exoWZpB Print Market: https://t.co/pGLbKbNHr5 Radical: https://t.co/O3vd3jzaQR Ijole: https://t.co/fvOFYzicFg Reccius: https://t.co/k0LZkkolHw Industrial and Construction Services: Sigten: https://t.co/jVPxlfztcb Grupombo: https://t.co/88nPkIVQHl Ino: https://t.co/B2f35ivDX7 Omz: https://t.co/SXiBlLr9Vv Plastic Solutions: https://t.co/7hClHr12MY and other sectors. Identified Risks 🛡️ Backdoors (Webshells): The presence of these tools allows attackers to execute remote commands, exfiltrate databases, modify web content, and use compromised servers for phishing campaigns or malware distribution. Impact on Trust: The exposure of government and professional websites undermines the digital security of affected organizations and puts their users' information at risk. Mitigation Recommendations 🛡️ Server Audit: Administrators of the listed domains should perform an immediate forensic scan to locate and remove suspicious files from their web directories. Credential Reset: A complete password change for server access (FTP, SSH, control panel) is mandatory, as is updating content management systems (CMS) to their latest versions. Monitoring: Affected organizations are urged to implement Web Application Firewall (WAF) rules to block suspicious requests associated with Pharaohs_Team activity. Strategic Monitoring Tools 🌐 Intelligence Platform: https://t.co/wk9bZJ3laQ 💻 Security Verification: https://t.co/5LuqwzZ2HE 🛡️ #CyberSecurity #PharaohsTeam #Webshell #DataBreach #Chile #ThreatIntelligence #CyberAlert #VECERT #UnderInvestigation

🚨 🇨🇱 CYBER INTELLIGENCE ALERT: ALLEGED COMPROMISE OF RELIGIOUS ENTITY SYSTEMS IN CHILE ⚠️ STATUS: UNVERIFIED; EVIDENCE VISIBLE Data exfiltration activity targeting a religious entity in Chile has been detected, perpetrated by the threat actor calling itself "Soulhem Team." 🏢 Affected Entity: Ecclesiastical institution (affecting domains under the structure https://t.co/7Uol72WU5E and https://t.co/la49hpL2AO). 👤 Threat Actor: Soulhem Team 📅 Detection Date: May 30, 2026 🛠️ Nature and Scope of the Risk The attacker group has published samples of a database containing sensitive information from system users. The exposed logs include: User IDs (id_usuario). Email addresses (mail). Password hashes (pass). Full names and access levels. Login activity logs (Login OK, dates, IP addresses). The group has used hostile language when referring to the national security infrastructure, claiming that this compromise demonstrates persistent vulnerabilities in local systems. 🛡️ Recommendations and Mitigation Forensic Investigation: The affected entity must conduct an immediate audit to validate the extent of the breach and secure the compromised servers. Credential Reset: It is imperative that all users linked to the https://t.co/7Uol72WU5E and https://t.co/la49hpL2AO platforms change their passwords immediately. Monitoring: Following the publication of access logs and contact information, users should be alert to potential phishing or social engineering attempts targeting their personal information. ⚡Strategic Monitoring Tools Intelligence Platform: https://t.co/wk9bZJ2Nli Security Verification: https://t.co/5LuqwzYuS6 #CyberSecurity #Chile #DataLeak #SoulhemTeam #ThreatIntelligence #CyberAlert #VECERT #BreachAlert

🚨 🇪🇸 🇮🇷 🇲🇲 🇮🇳 🇨🇱 🇮🇩 🇫🇷 🇸🇦 🛡️ CYBER INTELLIGENCE ALERT: WAVE OF DATA LEAKS AND SALES (MAY 30, 2026) ⚠️ STATUS: SECURITY ALERT / MULTIPLE INCIDENTS [UNCONFIRMED / SAMPLES AVAILABLE] Unusually high activity has been detected on cybercrime forums, with multiple posts of alleged exfiltrated databases from various global entities. While many of these posts are unconfirmed, the actors have published visible samples of the data to validate their offers. https://t.co/bk8MIs1kHC: The actor "Sophia" is offering 100,000 user records in Spain. Naturgy: The actor "gang" is offering data on 1.6 million Spanish citizens. Hinge: The actor "nilojeda" is offering more than 8 million user records. https://t.co/SjeHTXV2be: The actor "Bambi" is offering a technology database. Ministry of Education (Myanmar): The actor "Infrastructure Destruction Squad" is offering government data. https://t.co/U9ZuzcF50z (India): The actor "vLeakz" is offering government data. https://t.co/fS5jUDFbKd (Chile): The actor "vLeakz" is offering data from the healthcare sector. Ministry of Human Rights (Indonesia): The actor "SCTH" is offering 90,000 records. https://t.co/dVQ9URRlEe (France): The actor "xmrcat" is offering 2 million customer records. Hunger Station (Saudi Arabia): The actor known as "Jeffrey Epstein" is offering 324,000 records for sale. The posts contain sensitive information, including biometric, financial, and educational data, immigration records, and contact information. In the case of https://t.co/gUdjxWx7Hv, the samples include names, ID numbers, addresses, phone numbers, and password hashes. 🛡️ Recommendations and Mitigation Forensic Validation: Affected entities are urged to verify whether the exposed samples correspond to their actual systems. User Protection: Affected users are advised to reset their passwords and exercise extreme caution against phishing or social engineering attempts. Monitoring: Given the high frequency of posts, it is recommended to maintain a high level of vigilance. ⚡Strategic Monitoring Tools Intelligence Platform: https://t.co/wk9bZJ2Nli Security Verification: https://t.co/5LuqwzYuS6 #CyberSecurity #DataLeak #BreachAlert #ThreatIntelligence #CyberAlerta #VECERT #Infosec #IdentityTheft

🚨 STRATEGIC CYBER INTELLIGENCE ALERT: POSSIBLE PERMISSIVE INTRUSION INTO PUBLIC HEALTH SYSTEM — MINSAL CHILE 🇨🇱 ⚠️ POSSIBLE HEALTH PLATFORM WITH POTENTIAL EXPOSURE OF NATIONAL HEALTH RECORDS [STATUS: UNVERIFIED / UNDER INVESTIGATION / ATTRIBUTED TO THREAT ACTOR / CRITICAL RISK OF EXFILTRATION AND UNAUTHORIZED PRIVILEGED ACCESS] Through proactive monitoring of cyber threat distribution channels and hacktivist activities, the publication of a manifesto by the RSA CRACKERS group was detected on May 28, 2026. The threat actor claims to have exploited vulnerabilities and credential flaws in the systems of the Chilean Ministry of Health. The group alleges that the breach potentially exposed more than 36 million health records of Chilean citizens. Under a "good faith" narrative, the attacker maintains that they did not exfiltrate the database or infect the service. However, the collected graphical evidence suggests that the actor maintained operational access to an active government platform. 🎯 Affected Entity: Chilean Ministry of Health 👤 Threat Actor: RSA CRACKERS 📂 Potential Volume and Impact: Theoretical exposure of up to 36 million patient records, medical histories, and national epidemiological information. 📊 Technical Breakdown and Visual Evidence Analysis Through detailed analysis of the file, the following logical and operational compromise vectors can be deduced: 1. Credential Abuse Compromising Roles and Privileges Generalized Access: The visual evidence in the sample image indicates that the attacker accessed the system using a legitimate but compromised corporate credential. This access likely granted them privileges to perform general queries on citizens, patients, and medical records. Role and Institution Flexibility: The exposed web system has upper management modules that explicitly allow "Change institution" and "Select role." This means that the attacker had the operational capabilities to switch between different healthcare entities and modify their internal permissions as needed during the session. 2. Exposed Clinical and Demographic Data (PII and PHI) The forms displayed in Screenshot_113.png reveal direct access to critical epidemiological control interfaces and patient data: General and Epidemiological Background: Display of case notification forms, epidemiological weeks, final patient status classification (e.g., "Confirmed"), case number, corresponding SEREMI (e.g., SEREMI of Atacama), and contact information for healthcare professionals. Patient Identification Form: Fields displaying the RUN (National Unique Identification Number), full names, surnames, sex, date of birth, patient status ("Alive" or "Deceased"), nationality, health insurance provider (e.g., FONASA), exact residential address (street, municipality, region of residence), and emergency cell phone numbers. Geographic Segmentation: Full nationwide filtering capacity, encompassing drop-down menus for the Santiago Metropolitan Region (municipalities such as Alhué, Buin, Calera de Tango, Cerrillos, Cerro Navia, and Colina) and northern regions such as Tarapacá, Antofagasta, Atacama, Coquimbo, and Valparaíso. 🛡️ Emergency Mitigation and Recommendations 🛑 Revocation and Cross-Cutting Audit of Identities (Critical Priority): The Ministry of Health (MINSAL) is urged to immediately invalidate all active sessions on the epidemiological and patient registration portals. It is mandatory to identify the specific account used to capture the screenshots by cross-referencing access logs with the selected options (such as the Atacama Regional Health Authority (SEREMI) or the regional consultations of May 28). 🔒 Implementation of Geographic and Network Restrictions: Strengthen web application firewall (WAF) policies and restrict access to administration and role change modules exclusively through corporate VPN connections authenticated with two-factor authentication (MFA) based on hardware tokens. ⚡ Monitoring and Evaluation 🌐 Intelligence System: https://t.co/wk9bZJ3laQ 🛡️ Quickly assess your website's security with: https://t.co/YnDw1QkkYK #CyberSecurity #DataLeak #Chile #Minsal #RSACrackers #Anci #Hacktivism #ThreatIntelligence #CiberAlert #VECERT #DataBreach #UnderInvestigation #PublicHealth

🚨 STRATEGIC CYBER INTELLIGENCE ALERT: DOXXING CAMPAIGN AND EXPOSURE OF GOVERNMENT PAY STATEMENTS — CHILE 🇨🇱 ⚠️ THE "RSA CRACKERS" GROUP EXPOSES REMUNERATION AND TAX DATA OF MUNICIPAL MAYORS [STATUS: ALLEGEDLY UNCONFIRMED / VISIBLE SAMPLES UNDER REVIEW / RISK OF SOCIAL ENGINEERING AND TARGETED FRAUD] Through proactive monitoring of Telegram channels and data leak platforms associated with the RSA CRACKERS campaign, an active targeted exposure (doxxing) campaign against local governments in the Republic of Chile was detected on May 27, 2026. The threat actor has published compressed files (sueldo-alcalde-talcahuano(.)zip, 3.0 MB, and Liquidacion-sueldo-alcalde(.)zip, 1.9 MB) containing digital copies and records of the May 2026 payroll statements for mayors and high-ranking officials of various Chilean municipalities, such as the Municipality of Talcahuano and the Municipality of Arica. 🎯 Affected Entities (Chile 🇨🇱): Municipality of Talcahuano (https://t.co/mKSnXiKogY - Biobío Region). Municipality of Arica (https://t.co/eAqfyLF6bs - Arica and Parinacota Region). 👤 Threat Actor: RSA CRACKERS 📂 Volume and Files: May 2026 payroll tax documentation in image/PDF format, packaged in public ZIP files. ⚙️ Incident Type: Data Exposure Campaign (Doxxing), Human Resources Information Leak, and Personally Identifiable Information (PII) Exposure. 🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS 🛑 Payroll System Audit (Chilean Municipalities): It is recommended that the administration and finance departments of the affected municipalities suspend email accounts or internal human resources portals that have experienced an unusual volume of document downloads in recent days. 🔒 Out-of-Band Verification for Internal Payments: Rigorously implement two-factor authentication or direct phone confirmation for all internal payment orders that use digitized signatures or originate from municipal emails, to mitigate the impact of forged documents with signatures obtained through doxxing. ⚡ MONITORING AND EVALUATION 🌐 Intelligence System: https://t.co/wk9bZJ2Nli 🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c #CyberSecurity #Doxxing #Chile #Municipalities #Talcahuano #Arica #RSACrackers #FinancialFraud #BEC #ThreatIntelligence #CyberAlert #VECERT #Infosec #Unverified