Chris PFM

🚨 CYBER INTELLIGENCE ALERT: ALLEGED MASSIVE SALE OF MOBILE TELEMETRY DATA — CHILE 🇨🇱 💥 CRITICAL THREAT: ACTOR PUTS DATABASE WITH OVER 6.8 MILLION CHILEAN PHONE NUMBERS UP FOR SALE [STATUS: THREAT UNDER INVESTIGATION / UNVERIFIED / EXPOSURE OF PII / SOURCE: CHINESE CLANDESTINE MARKET] A threat actor, obfuscated08, has announced on a Chinese-origin clandestine data trading platform the sale of a massive database containing 6,880,000 unique phone numbers belonging to Chilean citizens. 🏢 Affected Entity/Population: Mobile and residential phone users in Chile 👤 Threat Actor: Registered under ID 08 (The same actor involved in the recent sale of critical infrastructure databases in Asia). 📊 Reported Volume: 6.88 million Chilean phone records cleaned of duplicates. ⚔️ Use Case: Compilation and indexing of contact lists for the deployment of automated social engineering attacks, telephone fraud campaigns, and brute-force attacks. 🔍 Verification Status: SUSPECTED / NOT VERIFIED. The incident remains under predictive monitoring by CTI analysts to determine the exact source of the leak (possible leak from a local telecommunications operator or a nationwide delivery/retail service). 📊 MONITORING AND EVALUATION Intelligence System: https://t.co/wk9bZJ3laQ Quickly assess your website's security with: https://t.co/QZhWp0ldhm #CyberSecurity #Chile #TelecomLeaks #PhoneLeak #DataLeak #Smishing #SIMSwapping #PIIExposure #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedBreach

¡Inaceptable! La TGR dejó prescribir $30.000 millones por pura negligencia. Mientras se le exige a los ciudadanos pagar hasta el último peso, el Estado pierde fortunas por inoperancia. Esto no puede quedar en un simple "error". Exigimos sumarios, responsables con nombre y apellido, y una modernización radical del sistema de cobranzas. ¡El patrimonio de todos no puede ser botín de la desidia administrativa!

Mientras tanto, en EEUU, una abuela de 93 años, llamada Mary, que sigue trabajando en un cine AMC para pagar sus facturas, sin poderse jubilar, limpiando la basura que la gente deja atrás en las salas. Este es el futuro del capitalismo, que trabajes hasta morir sin poder jubilarte para pagar las facturas de los seguros médicos privados.

🚨 STRATEGIC CYBER INTELLIGENCE ALERT: DOXXING CAMPAIGN AND EXPOSURE OF GOVERNMENT PAY STATEMENTS — CHILE 🇨🇱 ⚠️ THE "RSA CRACKERS" GROUP EXPOSES REMUNERATION AND TAX DATA OF MUNICIPAL MAYORS [STATUS: ALLEGEDLY UNCONFIRMED / VISIBLE SAMPLES UNDER REVIEW / RISK OF SOCIAL ENGINEERING AND TARGETED FRAUD] Through proactive monitoring of Telegram channels and data leak platforms associated with the RSA CRACKERS campaign, an active targeted exposure (doxxing) campaign against local governments in the Republic of Chile was detected on May 27, 2026. The threat actor has published compressed files (sueldo-alcalde-talcahuano(.)zip, 3.0 MB, and Liquidacion-sueldo-alcalde(.)zip, 1.9 MB) containing digital copies and records of the May 2026 payroll statements for mayors and high-ranking officials of various Chilean municipalities, such as the Municipality of Talcahuano and the Municipality of Arica. 🎯 Affected Entities (Chile 🇨🇱): Municipality of Talcahuano (https://t.co/mKSnXiKogY - Biobío Region). Municipality of Arica (https://t.co/eAqfyLF6bs - Arica and Parinacota Region). 👤 Threat Actor: RSA CRACKERS 📂 Volume and Files: May 2026 payroll tax documentation in image/PDF format, packaged in public ZIP files. ⚙️ Incident Type: Data Exposure Campaign (Doxxing), Human Resources Information Leak, and Personally Identifiable Information (PII) Exposure. 🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS 🛑 Payroll System Audit (Chilean Municipalities): It is recommended that the administration and finance departments of the affected municipalities suspend email accounts or internal human resources portals that have experienced an unusual volume of document downloads in recent days. 🔒 Out-of-Band Verification for Internal Payments: Rigorously implement two-factor authentication or direct phone confirmation for all internal payment orders that use digitized signatures or originate from municipal emails, to mitigate the impact of forged documents with signatures obtained through doxxing. ⚡ MONITORING AND EVALUATION 🌐 Intelligence System: https://t.co/wk9bZJ2Nli 🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c #CyberSecurity #Doxxing #Chile #Municipalities #Talcahuano #Arica #RSACrackers #FinancialFraud #BEC #ThreatIntelligence #CyberAlert #VECERT #Infosec #Unverified

🚨 PREVENTIVE CYBER INTELLIGENCE ALERT: ALLEGED EXPOSURE OF CUSTOMER DATA — BANCO FALABELLA CHILE 🇨🇱 ⚠️THE ACTOR "THE BLACKH4T MD-GHOST" PUBLISHES AN ALLEGED DATA DUMP OF 20 MILLION RECORDS [STATUS: ALLEGEDLY UNVERIFIED / PROBABLE COLLECTION OR REPOST (HISTORICAL) / UNDER INVESTIGATION] Through proactive monitoring of clandestine data distribution channels on the Telegram platform, a post has been detected by the threat actor operating under the alias The BlackH4t MD-Ghost. The attacker is promoting the download of a compressed file titled BANK FALABELLA CHILE.rar, claiming it contains user information and banking data exceeding 20 million lines. However, based on the actor's profile within the cybersecurity community and preliminary technical analysis, there are strong indications that this incident does not represent a new or direct intrusion into the entity, but rather a compilation of past breaches or a reposting of historical information. 🎯 Affected Entity (Alleged): Banco Falabella Chile (https://t.co/sFuxqbhJAn - Financial Sector, Chile 🇨🇱). 👤 Threat Actor: The BlackH4t MD-Ghost 📂 Claimed Volume: 20,000,000+ records (Packaged in a file of only 1.7 MB). ⚙️ Incident Type: Alleged Customer Data Exfiltration / Repost Distribution. 📊 TECHNICAL ANALYSIS AND INCONSISTENCIES OF THE THREAT In developing our cybersecurity research, verifying the authenticity of data is crucial to avoid false alarms that overwhelm organizations' incident response operations. In this case, the following anomalies were identified: 📉 Critical Size Discrepancy (Data Compression): The actor claims that the file contains more than 20 million lines of banking user data ("Lines: 20M+"). However, the indicated size for the .rar file is only 1.7 MB. Even under extreme compression algorithms, a volume of 20 million structured banking records would weigh substantially more than 1.7 MB (where the estimated average size would exceed 200 MB for very basic plain text schemes). This is a clear indicator that the database could contain very limited information (such as a simple list of Chilean tax ID numbers or emails without credentials or financial statements) or be a completely fake file (Fake Leak). 🔄 Attacker Profile ("Reposter"): The threat actor has a history of collecting previously exposed leaks (for example, from the massive hack of Chilean entities in previous years) on underground forums and renaming them to inflate their personal reputation and attract traffic to their Telegram channels or encrypted communication sessions. 🛡️ MITIGATION AND PREVENTIVE RECOMMENDATIONS 🛑 Brand Monitoring and Active Phishing (For Banco Falabella Chile): Despite the high probability that it is a repost, the bank's cybersecurity team should increase its monitoring of the creation of similar domains (Typosquatting) and phishing emails targeting its customer base in the coming days. 🔒 Forensic Analysis of the File (BANK FALABELLA CHILE.rar): It is recommended to download and analyze the file in a controlled environment (Sandbox) to verify the actual data schema and compare the samples with historical Chilean data breaches recorded in 2018, 2019, and 2023, in order to officially confirm the correlation of duplicates. ⚡ MONITORING AND EVALUATION 🌐 Intelligence System: https://t.co/wk9bZJ2Nli 🛡️ Quickly assess your website's security with: https://t.co/YnDw1QjN9c #CyberSecurity #DataBreach #Chile #BankFalabella #MD_Ghost #FinancialFraud #Reposter #Unverified #ThreatIntelligence #CyberAlert #VECERT #Infosec