Top Tweets for #VECERT_Alert
π¨ #VECERT_Alert: BLACK MARKET FOR "SHELLS" AND WEB ACCESS - PHARAOH'S TEAM πΊπ
Our Threat Intelligence team has identified massive activity involving the illicit trade of unauthorized access credentials by the cybercriminal group known as Pharaoh's Team. This actor operates as an "infrastructure provider" for other attackers, selling Web Shells (granting full access to servers) sourced from a vast list of international companies.
List of Affected Entities Identified So Far:
ποΈ Government Institutions (.gov Domains)
These represent the highest-impact victims, as full shell access allows attackers to manipulate official information or launch attacks from trusted servers:
Mozambique: https://t.co/OjWERBHSBo (Ministry of Tourism of Mozambique).
Ghana: https://t.co/E4Rdv3ym2I (National Library or Government Entity of Ghana).
Brazil: https://t.co/KDTOizHLzy (Municipal Health Fund of Guaraci, Brazil).
Mexico: https://t.co/x2y7zg44Uc (Educational Services of Quintana Roo/Sinaloa).
π Academic and Scientific Sector (.edu Domains)
The compromise of these entities places research, student data, and intellectual property at risk:
Pakistan: https://t.co/JLKfgKlT97 (Skytech Institute of Technology).
Brazil: https://t.co/BNAlb0WDRT (Federal University of Ouro Preto).
Brazil: https://t.co/H2MC5ZouA3 (Legal Practice Center of the University of Contestado).
India: https://t.co/Dnw3wljWtw (Santhigiri College of Computer Sciences).
π₯ Healthcare Sector and Critical Services
Hospital San Miguel: https://t.co/HrKBEJdAXn (Healthcare facility).
SRK Hospital: https://t.co/NAcqaBdUhp (Hospital entity in India).
Mendwell Agencies: https://t.co/BgwBxztj42 (Medical supply providers).
π’ Large Corporations and Logistics
ThreeBond Brazil: https://t.co/77Kkg8hb4h (Japanese-origin chemical multinational; restricted access area compromised). Transnacional: https://t.co/nj8W4y556s (Logistics and cash-in-transit company).
Imbragro: https://t.co/cRrPMnejXF (Major agricultural trading company with a Domain Authority [DA] of 34).
Besco: https://t.co/0XeJUfna49 (Leading company in the construction and real estate sectors in Peru).
πͺπΈ Presence in Spain
Katei: `https://t.co/P6dKFpl2Hb` (Specialized services/technology provider in Spain).
πΊ ACTOR PROFILE AND METHODOLOGY (PHARAOH'S TEAM):
Unlike other groups, Pharaoh's Team specializes in the mass compromise of web servers for subsequent resale:
Vulnerability Exploitation (Zero-Days): The actor claims to utilize zero-day vulnerabilities to compromise up to 2,000 sites in a single operation.
Web Shell Deployment: Once the server has been breached, they install a "Shell" that grants them "full access" to the site's files and databases.
#CyberSecurity #DataLeak #PharaohsTeam #Shells #Ciberseguridad #WebShell #ZeroDay #VECERT #Infosec #BreakingNews
![VECERTRadar's tweet photo. π¨ #VECERT_Alert: BLACK MARKET FOR "SHELLS" AND WEB ACCESS - PHARAOH'S TEAM πΊπ
Our Threat Intelligence team has identified massive activity involving the illicit trade of unauthorized access credentials by the cybercriminal group known as Pharaoh's Team. This actor operates as an "infrastructure provider" for other attackers, selling Web Shells (granting full access to servers) sourced from a vast list of international companies.
List of Affected Entities Identified So Far:
ποΈ Government Institutions (.gov Domains)
These represent the highest-impact victims, as full shell access allows attackers to manipulate official information or launch attacks from trusted servers:
Mozambique: https://t.co/OjWERBHSBo (Ministry of Tourism of Mozambique).
Ghana: https://t.co/E4Rdv3ym2I (National Library or Government Entity of Ghana).
Brazil: https://t.co/KDTOizHLzy (Municipal Health Fund of Guaraci, Brazil).
Mexico: https://t.co/x2y7zg44Uc (Educational Services of Quintana Roo/Sinaloa).
π Academic and Scientific Sector (.edu Domains)
The compromise of these entities places research, student data, and intellectual property at risk:
Pakistan: https://t.co/JLKfgKlT97 (Skytech Institute of Technology).
Brazil: https://t.co/BNAlb0WDRT (Federal University of Ouro Preto).
Brazil: https://t.co/H2MC5ZouA3 (Legal Practice Center of the University of Contestado).
India: https://t.co/Dnw3wljWtw (Santhigiri College of Computer Sciences).
π₯ Healthcare Sector and Critical Services
Hospital San Miguel: https://t.co/HrKBEJdAXn (Healthcare facility).
SRK Hospital: https://t.co/NAcqaBdUhp (Hospital entity in India).
Mendwell Agencies: https://t.co/BgwBxztj42 (Medical supply providers).
π’ Large Corporations and Logistics
ThreeBond Brazil: https://t.co/77Kkg8hb4h (Japanese-origin chemical multinational; restricted access area compromised). Transnacional: https://t.co/nj8W4y556s (Logistics and cash-in-transit company).
Imbragro: https://t.co/cRrPMnejXF (Major agricultural trading company with a Domain Authority [DA] of 34).
Besco: https://t.co/0XeJUfna49 (Leading company in the construction and real estate sectors in Peru).
πͺπΈ Presence in Spain
Katei: `https://t.co/P6dKFpl2Hb` (Specialized services/technology provider in Spain).
πΊ ACTOR PROFILE AND METHODOLOGY (PHARAOH'S TEAM):
Unlike other groups, Pharaoh's Team specializes in the mass compromise of web servers for subsequent resale:
Vulnerability Exploitation (Zero-Days): The actor claims to utilize zero-day vulnerabilities to compromise up to 2,000 sites in a single operation.
Web Shell Deployment: Once the server has been breached, they install a "Shell" that grants them "full access" to the site's files and databases.
#CyberSecurity #DataLeak #PharaohsTeam #Shells #Ciberseguridad #WebShell #ZeroDay #VECERT #Infosec #BreakingNews](https://pbs.twimg.com/media/HFV6fhyWcAAcO4y.png)
π¨ #VECERT_Alert: HACKTIVIST THREAT REACTIVATION - BLACKHEX BROTHERHOOD π½π»πͺ
The resurgence of the hacktivist group known as BlackHex Brotherhood has been detected. Through their communication channels, the group has announced the resumption of its offensive operations under the *OpVzlaDown* campaign, suggesting a series of targeted attacks against Venezuela's digital infrastructure.
Group: BlackHex Brotherhood.
Status: Active (Reactivation declared in April 2026).
Ideology: Hacktivism with a focus on digital destabilization operations and large-scale data theft.
βοΈ ANTICIPATED METHODOLOGIES AND PROCESSES:
Based on the group's history and the nature of the announced campaign, the following tactics are anticipated:
Defacement (Web Defacement): Alteration of official websites to disseminate political messages or group propaganda.
Exfiltration and Leaking: Intrusion attempts targeting state databases to expose sensitive information regarding government officials or entities.
#CyberSecurity #Venezuela #BlackHexBrotherhood #Hacktivism #Ciberseguridad #Infosec #BreakingNews #IntelligenceAlert
π¨ #VECERT_Alert: DATA BLACK MARKET IN MEXICO π²π½π
A massive operation involving the sale of sensitive information has been detected, led by a cybercriminal operating under the alias MagoSpeak. This individual has made available a criminal catalog that compromises the privacy of millions of citizens and the integrity of the country's most critical institutions.
π¦ BANKING AND RETAIL SECTORS UNDER ATTACK:
The cybercriminal claims to possess customer databases from:
Banks: Santander, BBVA, Banamex, Banorte, HSBC, Scotiabank, Invex, and Banco Azteca (Baz).
Retail/Consumer: Liverpool, Coppel, and Banco del BajΓo.
Microfinance: Multibanco and Banco del Bienestar.
ποΈ GOVERNMENT INSTITUTIONS AND DATA:
The severity of the situation escalates with the confirmed exposure of records from:
π Identity: INE (National Electoral Institute).
π₯ Health and Social Security: IMSS, Afores, and records of Retirees/Pensioners.
π΄ Vulnerable Populations: Registries of older adults (65+ Program).
π TELECOMMUNICATIONS AND BUSINESSES:
MagoSpeak's criminal reach extends to user data from:
π± Telcel, Movistar, AT&T.
π Telmex, Totalplay.
π’ Databases belonging to SMEs, Schools, and Large Corporations.
Monitor:
https://t.co/wk9bZJ3laQ
#CyberSecurity #DataLeak #Mexico #ThreatIntel #FinCrime #Ine #Imss #Infosec #MagoSpeak #BreakingNews
π¨ #VECERT_Alert: Massive Government Data Leak - Cali, Colombia π¨π΄
An offer to sell critical databases belonging to official domains of the Mayor's Office of Santiago de Cali (https://t.co/z4Kbr9jtwH) has been detected. The attack is a collaborative effort involving multiple actors: NyxarGroup, ArcRaidersPlayer, Petro_Escobar, and CryptoDead.
π Affected Hosts: https://t.co/5DwnDC4NQW and https://t.co/Zg6kyE5Zr4.
π₯ Citizen Data (PII): Full names, ID numbers (CΓ©dula), physical addresses, dates of birth, mobile/landline phone numbers, and email addresses.
πΊοΈ Municipal Information: Census data, inventories, vehicle registration records, detailed geographic maps, and outdoor advertising records.
π Internal Documentation: National property records (predial files) and specific coordinates (East/North).
This incident highlights a vulnerability within the citizen management subdomains. The combination of personal data with property records significantly elevates the risk of financial crimes and large-scale identity theft within the region.
Monitor:
https://t.co/wk9bZJ2Nli
#CyberSecurity #DataLeak #Colombia #Cali #ThreatIntel #Infosec #OSINT #VECERT #Ciberseguridad #AlcaldiaDeCali
Last Seen Hashtags on Sotwe
ΰΉΰΉΰΈΰΈ§ΰΈΰΈΰΈΰΈ±ΰΈΰΈ«ΰΈ‘ΰΈ²
Seen from Thailand
nolimit #nsfw
Seen from Israel
turro
Seen from Argentina
γ
γ±
Seen from Korea
Ψ―ΩΩΨͺ_Ψ¨Ψ―ΩΩΩΩΩ
Seen from Netherlands
gorgeprofonde
Seen from France
ΰΈΰΈ§ΰΈΰΈΰΈ₯ΰΈΰΈΈΰΈ£ΰΈ΅
Seen from Thailand
chudai aunty
Seen from United States
NoLimit() filter:videos
Seen from France
η¬γ«γ²γ£γγγγ
Seen from Indonesia
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.1M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers