🚨 STRATEGIC CYBER INTELLIGENCE ALERT: POSSIBLE PERMISSIVE INTRUSION INTO PUBLIC HEALTH SYSTEM — MINSAL CHILE 🇨🇱
⚠️ POSSIBLE HEALTH PLATFORM WITH POTENTIAL EXPOSURE OF NATIONAL HEALTH RECORDS
[STATUS: UNVERIFIED / UNDER INVESTIGATION / ATTRIBUTED TO THREAT ACTOR / CRITICAL RISK OF EXFILTRATION AND UNAUTHORIZED PRIVILEGED ACCESS]
Through proactive monitoring of cyber threat distribution channels and hacktivist activities, the publication of a manifesto by the RSA CRACKERS group was detected on May 28, 2026.
The threat actor claims to have exploited vulnerabilities and credential flaws in the systems of the Chilean Ministry of Health.
The group alleges that the breach potentially exposed more than 36 million health records of Chilean citizens. Under a "good faith" narrative, the attacker maintains that they did not exfiltrate the database or infect the service. However, the collected graphical evidence suggests that the actor maintained operational access to an active government platform.
🎯 Affected Entity: Chilean Ministry of Health
👤 Threat Actor: RSA CRACKERS
📂 Potential Volume and Impact: Theoretical exposure of up to 36 million patient records, medical histories, and national epidemiological information.
📊 Technical Breakdown and Visual Evidence Analysis
Through detailed analysis of the file, the following logical and operational compromise vectors can be deduced:
1. Credential Abuse Compromising Roles and Privileges
Generalized Access: The visual evidence in the sample image indicates that the attacker accessed the system using a legitimate but compromised corporate credential. This access likely granted them privileges to perform general queries on citizens, patients, and medical records.
Role and Institution Flexibility: The exposed web system has upper management modules that explicitly allow "Change institution" and "Select role." This means that the attacker had the operational capabilities to switch between different healthcare entities and modify their internal permissions as needed during the session.
2. Exposed Clinical and Demographic Data (PII and PHI)
The forms displayed in Screenshot_113.png reveal direct access to critical epidemiological control interfaces and patient data:
General and Epidemiological Background: Display of case notification forms, epidemiological weeks, final patient status classification (e.g., "Confirmed"), case number, corresponding SEREMI (e.g., SEREMI of Atacama), and contact information for healthcare professionals.
Patient Identification Form: Fields displaying the RUN (National Unique Identification Number), full names, surnames, sex, date of birth, patient status ("Alive" or "Deceased"), nationality, health insurance provider (e.g., FONASA), exact residential address (street, municipality, region of residence), and emergency cell phone numbers.
Geographic Segmentation: Full nationwide filtering capacity, encompassing drop-down menus for the Santiago Metropolitan Region (municipalities such as Alhué, Buin, Calera de Tango, Cerrillos, Cerro Navia, and Colina) and northern regions such as Tarapacá, Antofagasta, Atacama, Coquimbo, and Valparaíso.
🛡️ Emergency Mitigation and Recommendations
🛑 Revocation and Cross-Cutting Audit of Identities (Critical Priority): The Ministry of Health (MINSAL) is urged to immediately invalidate all active sessions on the epidemiological and patient registration portals. It is mandatory to identify the specific account used to capture the screenshots by cross-referencing access logs with the selected options (such as the Atacama Regional Health Authority (SEREMI) or the regional consultations of May 28).
🔒 Implementation of Geographic and Network Restrictions: Strengthen web application firewall (WAF) policies and restrict access to administration and role change modules exclusively through corporate VPN connections authenticated with two-factor authentication (MFA) based on hardware tokens.
⚡ Monitoring and Evaluation
🌐 Intelligence System: https://t.co/wk9bZJ3laQ
🛡️ Quickly assess your website's security with: https://t.co/YnDw1QkkYK
#CyberSecurity #DataLeak #Chile #Minsal #RSACrackers #Anci #Hacktivism #ThreatIntelligence #CiberAlert #VECERT #DataBreach #UnderInvestigation #PublicHealth
🚨 PREVENTIVE CYBER INTELLIGENCE ALERT: ALLEGED EXPOSURE OF CUSTOMER DATA — BANCO FALABELLA CHILE 🇨🇱
⚠️ THE ACTOR "THE BLACKH4T MD-GHOST" PUBLISHES AN ALLEGED DATA DUMP OF 20 MILLION RECORDS
[STATUS: ALLEGEDLY UNVERIFIED / PROBABLE COLLECTION OR REPOST (HISTORICAL) / UNDER INVESTIGATION]
Through proactive monitoring of clandestine data distribution channels on the Telegram platform, a post has been detected by the threat actor operating under the alias The BlackH4t MD-Ghost. The attacker is promoting the download of a compressed file titled BANK FALABELLA CHILE.rar, claiming it contains user information and banking data exceeding 20 million lines.
However, based on the actor's profile within the cybersecurity community and preliminary technical analysis, there are strong indications that this incident does not represent a new or direct intrusion into the entity, but rather a compilation of past breaches or a reposting of historical information.
🎯 Affected Entity (Alleged): Banco Falabella Chile (https://t.co/sFuxqbhJAn - Financial Sector, Chile 🇨🇱).
👤 Threat Actor: The BlackH4t MD-Ghost
📂 Claimed Volume: 20,000,000+ records (Packaged in a file of only 1.7 MB).
⚙️ Incident Type: Alleged Customer Data Exfiltration / Repost Distribution.
📊 TECHNICAL ANALYSIS AND INCONSISTENCIES OF THE THREAT
In developing our cybersecurity research, verifying the authenticity of data is crucial to avoid false alarms that overwhelm organizations' incident response operations. In this case, the following anomalies were identified:
📉 Critical Size Discrepancy (Data Compression):
The actor claims that the file contains more than 20 million lines of banking user data ("Lines: 20M+"). However, the indicated size for the .rar file is only 1.7 MB.
Even under extreme compression algorithms, a volume of 20 million structured banking records would weigh substantially more than 1.7 MB (where the estimated average size would exceed 200 MB for very basic plain text schemes). This is a clear indicator that the database could contain very limited information (such as a simple list of Chilean tax ID numbers or emails without credentials or financial statements) or be a completely fake file (Fake Leak).
🔄 Attacker Profile ("Reposter"):
The threat actor has a history of collecting previously exposed leaks (for example, from the massive hack of Chilean entities in previous years) on underground forums and renaming them to inflate their personal reputation and attract traffic to their Telegram channels or encrypted communication sessions.
🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS
🛑 Brand Monitoring and Active Phishing (For Banco Falabella Chile): Despite the high probability that it is a repost, the bank's cybersecurity team should increase its monitoring of the creation of similar domains (Typosquatting) and phishing emails targeting its customer base in the coming days.
🔒 Forensic Analysis of the File (BANK FALABELLA CHILE.rar): It is recommended to download and analyze the file in a controlled environment (Sandbox) to verify the actual data schema and compare the samples with historical Chilean data breaches recorded in 2018, 2019, and 2023, in order to officially confirm the correlation of duplicates.
⚡ MONITORING AND EVALUATION
🌐 Intelligence System: https://t.co/wk9bZJ2Nli
🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c
#CyberSecurity #DataBreach #Chile #BankFalabella #MD_Ghost #FinancialFraud #Reposter #Unverified #ThreatIntelligence #CyberAlert #VECERT #Infosec
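The size-discrepancy check from the Banco Falabella alert above, as an added example that is not part of the original post: it compresses constructed sample rows and extrapolates to the advertised line count, so the 1.7 MB figure can be compared with what 20 million lines would occupy. The row layout, the function names and the use of LZMA as a stand-in for RAR are assumptions.

```python
import lzma
import random

def sample_rows(n, ids_only=False, seed=7):
    """Constructed sample rows (not real data); the field layout is an assumption."""
    rng = random.Random(seed)
    names = ["ana", "luis", "maria", "jose", "carla", "pedro"]
    rows = []
    for _ in range(n):
        ident = rng.randrange(5_000_000, 26_000_000)
        if ids_only:
            rows.append(str(ident))
            continue
        name = rng.choice(names)
        phone = rng.randrange(10**7, 10**8)
        rows.append(f"{ident};{name};{name}{ident % 1000}@example.com;+569{phone}")
    return rows

def compressed_bytes_per_line(rows):
    """Bytes per line after LZMA at maximum preset (stand-in for RAR)."""
    blob = "\n".join(rows).encode()
    return len(lzma.compress(blob, preset=9)) / len(rows)

def assess_claim(claimed_lines, archive_bytes, rows, tolerance=0.1):
    """Compare an advertised archive size with the size the line count implies.

    tolerance: fraction of the expected size still accepted, to allow for a
    better compressor or a more repetitive schema than the sample.
    """
    per_line = compressed_bytes_per_line(rows)
    expected = per_line * claimed_lines
    return {
        "implied_bytes_per_line": archive_bytes / claimed_lines,
        "measured_bytes_per_line": per_line,
        "expected_archive_bytes": expected,
        "shortfall_factor": expected / archive_bytes,
        "plausible": archive_bytes >= expected * tolerance,
    }

if __name__ == "__main__":
    # Figures from the alert: "Lines: 20M+" in a 1.7 MB .rar file.
    for label, rows in (("ids only", sample_rows(20_000, ids_only=True)),
                        ("basic record", sample_rows(20_000))):
        r = assess_claim(20_000_000, 1_700_000, rows)
        print(f"{label}: {r['measured_bytes_per_line']:.1f} B/line, "
              f"expected {r['expected_archive_bytes'] / 1e6:.0f} MB, "
              f"plausible={r['plausible']}")
```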