#FraudeUSAC ¿Por qué están defendiendo a los que están disparando?
Así cuestionaron los estudiantes a la Policía que está desplazada en la USAC en donde a pesar de los disparos y un estudiante herido no han intervenido.
📹J. Rodríguez
🚨 CYBER INTELLIGENCE ALERT / EXFILTRATION OF SENSITIVE DATA: HEALTH SECTOR — GUATEMALA 🇬🇹
[STATUS: ACTIVE THREAT / UNCONFIRMED / HEALTH SECTOR / SOURCE: UNDERGROUND FORUM]
THEME ACTOR "M✘T3Я." IS SELLING ALLEGED DATABASE OF THE MINISTRY OF PUBLIC HEALTH
The threat actor identified by the alias M✘T3Я. has announced in underground communities the exfiltration and sale of the central databases of the Ministry of Public Health and Social Assistance (MSPAS) of Guatemala. The attacker claims to have compromised the perimeter infrastructure of the health servers due to the lack of controls and logical security practices, managing to extract structured records ranging from epidemic control to medical records of patients with chronic conditions and vital civil records.
🏢 Allegedly Affected Entity: Ministry of Public Health and Social Assistance of Guatemala (https://t.co/zfXJTFMCsk).
👤 Threat Actor: M✘T3Я.
🔍 Verification Status: UNCONFIRMED. As of June 24, 2026, the Guatemalan Ministry of Health authorities have not issued official statements confirming a large-scale intrusion or loss of integrity of their databases. This is unconfirmed because no evidence was found.
🗂️ FORENSIC ANALYSIS AND TAXONOMY OF THE EXPOSED DATASET
The publication explicitly details the assumption that the stolen data compromises the population's health data lifecycle, structured in four main relational modules:
📋 1. Epidiary (Epidemiological Surveillance and Outbreaks)
Content: Dates of institutional reports, hierarchical mapping by area, district, and health service, diagnosis of epidemiological events, location (community/municipality), demographic breakdown (sex and age), pregnancy status, current patient condition, and active outbreak alerts.
🔑 2. HIV List / ICD-10 Code B24.X (~12,647 records)
Content: Patient's full name in plain text, sex, date of birth, assigned unique patient code, clinical care timestamps, psychological counseling records, history of tests administered with their respective results, exact date of HIV diagnosis, and the location of the healthcare center or hospital unit responsible for treatment.
🪦 3. Deaths (FRegister)
Content: Identities of deceased persons, sex, age, exact date and time of death, residential address, clinical diagnosis with the direct cause of death, coordinates of the location of the death, type of medical care received prior to death, and the identification data of the physician who certified the death certificate.
👶 4. Births (Registration)
Content: Newborn's identity, sex, date of birth, weight, type of delivery, full names, ages and addresses of the parents and legal guardians, history of living or deceased children in the family unit, and the identity of the healthcare personnel who attended the birth.
🛡️ TECHNICAL RECOMMENDATIONS AND EMERGENCY RESPONSE (SOC)
🛑 Isolation of Reporting and Auditing Endpoints (SOC Guatemala): The MSPAS security teams are urged to immediately audit all external connections to the databases of the epidemiological surveillance systems and vital records, isolating unusual requests aimed at extracting bulk queries (Bulk Downloads).
🔑 Revocation of District and Health Center Credentials: Immediately invalidate active session tokens for administrative accounts distributed across healthcare centers nationwide. Implement the mandatory policy for changing complex passwords associated with systems that require Multi-Factor Authentication (MFA/2FA).
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
Quickly assess your website's security with: https://t.co/QZhWp0kFrO
#CyberSecurity #Guatemala #MSPAS #DataLeak #HIHList #Epidiario #DeathRegistry #Births #PIIExposure #MedicalRecords #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedBreach
🚨 CYBER INTELLIGENCE ALERT: WEB EXPLOIT INJECTION AND NEOLINK DECONFIGURATION — GUATEMALA 🇬🇹
[STATUS: UNDER SUPERVISION]
The threat actor, fully identified under the alias NemorisHacking, has perpetrated a web exploit injection attack. The actor indicates that they compromised and visually defaced transactional instances of the NeoLink/NeoNet payment gateway infrastructure in Guatemala (.gt). The incident directly affects active transactional links, exposing critical weaknesses in the sanitization of website entry points. According to the evidence collected, the attack replaced the legitimate card payment form with a custom panel titled "The Mirror of Your Shadow," with explicit text attributing the compromise to the attacker.
🏢 Affected Entity: Infrastructure associated with NeoLink/NeoNet Guatemala (Payment Gateway)
👤 Threat Actor: NemorisHacking
⚔️ Attack Vector: Web Exploit Injection / Active Link Defacement
⚠️ CRITICAL RISK ANALYSIS AND EXPOSED FIELDS
The presence of code injections on payment processing platforms represents an imminent risk of large-scale financial fraud:
💳 Phishing and Formjacking Risk: The attacker demonstrates the ability to inject HTML elements into high-trust domains (https://t.co/Kki7MNatVe). This facilitates the cloning of critical fields such as "Card Number", "MM/YY", and "CVV" for the silent exfiltration of banking data (Magecart style) before redirecting the user.
🛑 Payment Chain Disruption: By altering the legitimate transaction interface, secure fund collection for affiliated merchants that rely on that link ID is completely disabled.
🛡️ MITIGATION AND PREVENTIVE TECHNICAL RECOMMENDATIONS
🚫 Link Isolation and Deactivation: NeoLink platform administrators are urged to immediately revoke and disable the token/ID of the compromised link to stop the deployment of malicious code.
💻 Code Injection Audit (Web App Audit): Thoroughly review server-side variable validation mechanisms in payment link generation routes to block the injection of HTML/JS payloads.
📊 MONITORING AND EVALUATION
Intelligence System: https://t.co/wk9bZJ2Nli
Quickly assess your website's security with: https://t.co/QZhWp0kFrO
#CyberSecurity #Guatemala #NeoNet #NeoLink #WebExploit #Defacement #NemorisHacking #FinancialThreats #ThreatIntelligence #CyberAlert #VECERT #Infosec
#ULTIMAHORA DUEÑO DEL HOTEL CASA SANTO DOMINGO SOBREVUELA FINCA QUE ESTA SIENDO ALLANADA POR EL MP.
Para intentar amedrentar a las fuerzas de seguridad que se encontraban tratando de ingresar a la finca La Chacra, para ejecutar una orden de allanamiento en esta propiedad que esta siendo investigada por un caso de ECOCIDIO en el cinturon verde de La Antigua Guatemala. El representante de #FundAntigua y dueño del hotel CASA SANTO DOMINGO, #DIegoCastañeda realizó sobrevuelos a bordo de un helicóptero durante varios minutos en los alrededores de la finca allanada.
Fuentes en el lugar aseguran que el abogado de FUNANTIGUA, Nino Rosales, intentó por un largo tiempo evitar que las autoridades del @MPguatemala y la @PNCdeGuatemala ingresaran a la propiedad para realizar el allanamiento.
Porque nadie está por encima de la ley, nadie.
#XELAnews 🇫🇷
Noticias sin injerencias.
🚨 FINANCIAL INTELLIGENCE ALERT: MASSIVE LEAK – UNIVERSITY OF SAN CARLOS OF GUATEMALA (USAC) 🇬🇹🎓🏦🔓
A critical security compromise has been detected affecting the Integrated Financial Information System (SIIF) of the University of San Carlos of Guatemala (USAC). Threat actor MrGoblinciano has published a database containing sensitive financial information regarding the institution's employees.
🏢 Affected Entity: University of San Carlos of Guatemala (USAC).
👤 Threat Actor: MrGoblinciano.
🌐 Compromised System: USAC - SIIF (Integrated Financial Information System).
📅 Data Period: Information corresponding to the years 2025 and 2026.
📊 Scope of the Breach (PII and Banking Data)
The leak exposes critical financial fields that enable precise economic profiling of the teaching and administrative staff:
Official Identity: Names of recipients and their CUI (Unique Identification Code) numbers.
Banking Information: Bank names and bank account numbers.
Payroll Details: Deposit amounts (in figures and words) and transaction dates.
Organizational Structure: Specific university departments where the affected individual is employed.
🛡️ Immediate Response Recommendations
🔒 Change Bank Accounts: USAC personnel are advised to consult with their banking institutions regarding the possibility of changing their account numbers or, at a minimum, activating enhanced security alerts.
🔑 SIIF Security: The university must immediately audit SIIF access logs to identify the exfiltration vector and close any persistent vulnerabilities.
Monitor: https://t.co/wk9bZJ3laQ
#CyberSecurity #Guatemala #USAC #SIIF #DataBreach #Finance #CUI #MrGoblinciano #VECERT #InfoSec 🇬🇹🛡️⚠️🚨🏦
#FraudeUSAC Estudiantes del Centro Universitario del Norte han tenido una jornada de protestas desde el 8 de abril en el que se consumó el fraude para la elección del rector de la #USAC
En el CUNOR también exigen que Gonzalo Eskenasy deje el cargo de director del centro regional
📹CUNOR
#FraudeUsac Estudiantes universitarios marchan del CUM hacia el Campus Central
La comunidad universitaria de Medicina y Psicología rechazan el fraude realizado por las autoridades universitarias el 8 de abril en la elección a Rector.
Exigen la renuncia de quienes usurpan el Consejo Superior Universitario y no reconocen a Mazariegos como autoridad.
📹El Resumen
Alguien entró al las bases de datos del Digecam, copió 30GB que contiene a) la BD de 21,7k usuarios (incluidos hashes), b) la BD de 62k armas, y c) 52,5k certificados en PDFs.
A todos los usuarios del sistema les cambiaron las contraseñas.
Ahora en la USAC la @PNCdeGuatemala y @mingobguate hace cambio de agentes de la FEP y coloca en primera línea a mujeres, mientras al fondo siguen manifestantes de estudiantes contra Walter Mazariegos tras su reelección como rector.
#FraudeUSAC OEA pide a Arévalo no invocar autonomía universitaria para omitir acción estatal en la #USAC
La Organización de los Estados Americanos (OEA) instó al Ejecutivo encabezado por Bernardo Arévalo a no usar la autonomía universitaria como justificación para la inacción ante hechos delictivos en la Universidad de San Carlos de Guatemala (USAC). Señaló violencia, intimidación y exclusión electoral, y urgió garantizar seguridad y legalidad.