💖 I'm sponsoring calebporzio because…
Una de los apoyos que con gusto realizo por el arduo trabajo que ha realizado este chico... https://t.co/GhZkF84yDO
🚨 CYBER INTELLIGENCE ALERT: CRITICAL COMPROMISE OF THE MINISTRY OF FINANCE - GUATEMALA 🇬🇹
⚠️ MASSIVE EXFILTRATION OF 130K RECORDS AND 324GB OF SENSITIVE DOCUMENTATION
[STATUS: UNDER INVESTIGATION]
The threat actor "GordonFreeman" of LAT4MFUCK3RS has claimed full compromise of the RGAE (General Registry of State Acquisitions) system of the Guatemalan Ministry of Finance. The attacker claims to have exploited critical API-level vulnerabilities to bypass perimeter protections (WAF/Cloudflare) and extract the complete database of suppliers and registered individuals.
👤 Threat Actor: LAT4MFUCK3RS., GordonFreeman
🎯 Affected Entity: Ministry of Public Finance (RGAE).
📂 Data Volume: 130,000 records (2020-2026) + 235,000 PDF files.
📦 Total Size: 324.5 GB of exfiltrated information.
📊 ANALYSIS OF EXPOSED INFORMATION (PII AND DOCUMENTARY)
The leak includes not only structured data, but also legal and financial documentation that compromises the identity of thousands of citizens and companies:
Structured Data (Database):
Full names, Tax Identification Number (NIT), National Identification Code (CUI).
Residential addresses, telephone numbers, and email addresses.
Type of organization (Individual/Legal Entity).
Critical Documentation (PDF Files):
University degrees and scanned copies of national identity cards.
SAT invoices, tax clearance certificates, and business licenses.
Company incorporation documents and notarial deeds.
Bank statements, balance sheets, and administrative contracts.
🔍 TECHNICAL EVIDENCE AND VECTORS
The attacker detailed the methods used, confirming a systemic flaw in the portal's security architecture.
🛡️ WAF Evasion: Use of simulated legitimate traffic to avoid volume-based blocking.
🔓 API Vulnerabilities:
IDOR/BOLA: Unauthorized access to request sections (/api/Request/GetSections).
Open APIs: Unauthenticated endpoints directly connected to SAT systems (/api/sat/email).
🛡️ MITIGATION AND RECOMMENDATIONS
🛑 Urgent API Closure: The Ministry of Finance must audit and immediately close the exposed API endpoints and reconfigure authentication under the principle of least privilege.
⚠️ Massive Risk of Impersonation: Given the exfiltration of DPIs and signatures, banking institutions and the SAT (Tax Administration Service) must strengthen identity verification controls for both in-person and remote transactions.
🔒 Social Engineering Alert: The 130,000 affected individuals are at extreme risk of targeted phishing attacks or extortion, as attackers possess their physical addresses and financial solvency details.
⚡ MONITORING
🌐 Intelligence Platform: https://t.co/wk9bZJ3laQ
#CyberSecurity #Guatemala #DataBreach #MinistryOfFinance #RGAE #SAT #PII #CyberAlert #VECERT #LAT4MFUCK3RS
#ULTIMAHORA ¿Y CÓMO ES LA SEGURIDAD DEL SISTEMA PENITENCIARIO EN EL GOBIERNO DE LA PERCEPCIÓN DE ARÉVALO?
Seguidores denuncian a un vehículo que transportaba reos del Sistema Penitenciario, mientras circulaba hoy en horas de la tarde por la diagonal 6 de la zona 10 capitalina, donde se ve como con la aprobación de los custodios, los presos colgaban una bolsa donde iban pidiendo dinero y recogiendo lo que los transeúntes les daban, que podía, ser droga, celulares, entre otros ilícitos, advierten los denunciantes.
#Florecerás 🇬🇹🌱
#XELAnews 🇫🇷
Noticias sin injerencias.
Si esto estuviese ocurriendo en Venezuela o Cuba ,, no habría suficientes horas al día para los informativos del régimen ,,,, pero no , no es Venezuela ni Cuba , es la "soñada" sociedad Estadounidense
⤵️😘
NO TENGAS PAREJA HASTA QUE SEPAS ESTO
Muchos hombres terminan:
– rotos
– usados
– anulados
Porque no saben esto
Aquí van 10 principios que un hombre debe dominar antes de compartir su vida con alguien: