Top Tweets for #TUID

🚨 CYBER INTELLIGENCE ALERT: GOVERNMENT DOXXING - URUGUAY 🇺🇾 ⚠️ CRITICAL THREAT: SALE OF ACCESS TO STATE DATABASES AND LEAK OF YOUR DNIC AND YOUR IDENTITY (TuID) [STATUS: UNDER INVESTIGATION / THREAT ACTOR] The threat actor known as "lapampaleaks" has announced on clandestine networks and the Spear Forum the activation of a cyber intelligence and people reporting service specifically designed to track, profile, and exfiltrate private data of any Uruguayan citizen. As a technical demonstration, the attacker exposed the detailed identity dossiers of three high-ranking political and institutional figures in Uruguay, blaming the breach on security vulnerabilities at the Ministry of the Interior and the Agency for Electronic Government and the Information and Knowledge Society (AGESIC). 👤 Actor: lapampaleaks 🎯 National Infrastructure Compromised: Databases and reports from the National Directorate of State Intelligence (DNIC). Integrated records from the Ceibal educational and connectivity platform. Massive extraction (scraping) of data from Uruguay's official sovereign digital identity system, TuID. Persistent active access within state networks. 📊 ANALYSIS OF TECHNICAL CAPABILITIES (MONITORING SYSTEM) Visual evidence demonstrates that the actor does not possess a simple static text dump, but rather an interactive web-based intelligence query tool (Cyber Intelligence Tool with FastAPI) that consumes structured state data: Relationship and Kinship Mapping: The developed backend includes specific endpoints such as /family and /familypro (Get Family Pro), allowing buyers to automatically track the target's entire family tree, romantic partners, children, and business associates. Exposed Sensitive Information Fields: Full names, photographs of official identification documents, private phone numbers, and personal email addresses (e.g., Gmail, Hotmail). Financial credit scoring data, bank accounts, and financial institutions (e.g., Scotiabank, Itaú), along with tax debt history. Precise geographical details: Department, tax address, and residential geolocation data. Political Doxxing as Proof: To validate the authenticity of the compromised system access, the threat actor published confidential intelligence dossiers belonging to the former President of the Republic. 🔍 STRATEGIC INTELLIGENCE NOTE [VECERT ANALYSIS]: This incident represents a critical breach in the digital identity trust chain within Uruguay. By compromising or exfiltrating data from core systems—such as TuID (which citizens use to authenticate themselves with banks, government ministries, and for notarial procedures)—the attackers have not only violated privacy but have also enabled an ecosystem ripe for large-scale financial fraud, SIM swapping attacks, and identity theft for the purpose of opening fraudulent accounts. The claim of possessing "active access within state entities" suggests that the group may maintain persistence within internal government networks through compromised credentials or backdoors (WebShells) that have gone undetected by perimeter security teams. 🛡️ URGENT TECHNICAL MITIGATIONS AND RECOMMENDATIONS 🛑 Endpoint Blocking and Invalidation: CERTuy and AGESIC infrastructure teams are urged to trace anomalous requests originating from local environments or APIs that match the exposed FastAPI structure (`/familiares`) in order to identify the source server and take it offline. 🔒 Comprehensive Audit of the TuID System: Conduct an in-depth review of data exfiltration logs and batch requests on TuID and Ceibal servers to contain the data leak and revoke any compromised access tokens. ⚠️ Stricter Identity Verification: Banking and telecommunications entities in Uruguay must cease relying on static data (such as ID numbers, family members' names, or addresses) as valid factors for verifying a customer's identity during remote or telephone-based transactions. ⚡ MONITORING AND ASSESSMENT 🌐 Intelligence System: https://t.co/wk9bZJ2Nli 🛡️ Quickly assess your website's security at: https://t.co/YnDw1QjN9c #CyberSecurity #Uruguay #Doxxing #TuID #Ceibal #DNIC #AGESIC #SpearForum #ThreatIntelligence #CiberAlerta #VECERT #Infosec #IdentityTheft #PrivacyLeak