Andrea 🌹

🚨 🇨🇱 CYBER INTELLIGENCE ALERT: MASSIVE CAMPAIGN AGAINST DIGITAL INFRASTRUCTURE IN CHILE ⚠️ MORE THAN 120 DOMAINS COMPROMISED The Pharaoh's Team threat group has published a massive list of more than 120 compromised targets, almost all belonging to the Chilean domain name space (.cl). The attackers are offering for sale direct access to control panels (cPanel) and WordPress admin privileges (WP-admin), granting them complete control over the websites and their associated databases. 🎯 Affected Sectors: Government, Education, Legal, Transportation, and Commercial in Chile. 👤 Threat Actor: Pharaoh's Team 🛠️ Access Vectors: cPanel and WordPress Admin Credentials. 📅 Detection Date: May 2026 📊 ANALYSIS OF COMPROMISED ENTITIES 🕵️‍♂️ THREAT SUMMARY The Pharaoh's Team threat group has published a massive inventory of compromised access points targeting almost exclusively Chilean digital infrastructure. The attackers gain complete control through cPanel and WP-admin credentials, allowing them to manipulate files, databases, and institutional emails. These are the entities with the greatest institutional and social impact: 🏛️ Government and Municipal Sector Municipality of Palmilla: https://t.co/HOlQj2TaYO. The compromise of municipal data subdomains represents a critical risk to citizens' privacy and the integrity of local public services. 🎓 Education Sector (Institutions and Schools) San Viator School of Macul: https://t.co/heR1KK1x4f Hispano Americano School: https://t.co/m6d0kf4uw5 Portales School: https://t.co/ogFog5onzb La Igualdad High School: https://t.co/dMsgdpyVWO GRC High School: https://t.co/XuX1X09Yfc Prince of Asturias School (Valdivia): https://t.co/8pJe2wNhcP ⚖️ Notary and Legal Sector (Public Faith Services) Julio Abuyeres Notary Office: https://t.co/TVuAVyAmHQ Renata González Notary Office: https://t.co/bJHWqt7N1X Villalobos Notary Office: https://t.co/z7HYDtFl3Q CEP Abogados: https://t.co/AgdTwOVZsG IP Abogados: https://t.co/X6RLhGHe5W 🚌 Transportation, Unions, and Health Narbus: https://t.co/L5X7dLTvma (Intercity bus company). Starbucks Union: https://t.co/YDUqSKDyLb. Arrayán Mental Health: https://t.co/X3Rd1PKDRo. 💼 Unions and Associations: https://t.co/YDUqSKDyLb (Starbucks Chile Workers' Union). [RISK ANALYSIS]: By gaining access to cPanel, the attacker not only controls the website's visible content (via WP-admin), but also has the ability to intercept institutional emails, load phishing emails, deploy malware to infect visitors, and access databases containing Personally Identifiable Information (PII) of citizens and clients. 🛡️ MITIGATION AND RECOMMENDATIONS 🛑 Credential Reset: Administrators of the listed domains are urged to immediately change passwords at all levels (cPanel, Database, FTP, and WordPress Users). ⚠️ File Audit: Review the root directory for recently uploaded suspicious .php files (Webshells) that could allow the attacker to persist. 🔒 MFA Implementation: Mandatory Multi-Factor Authentication (2FA) must be enabled for access to control panels and content management. 💻 Plugin Audit: Update all WordPress components, as the exploit often stems from vulnerabilities in unpatched plugins. ⚡ MONITORING 🌐 Monitoring System: https://t.co/wk9bZJ3laQ #Cybersecurity #Chile #DataBreach #cPanel #WordPress #PharaohsTeam #CriticalInfrastructure #VECERT #CyberAlert #InfosecChile