José Rax

🚨 CYBER INTELLIGENCE ALERT: CRITICAL COMPROMISE OF THE MINISTRY OF FINANCE - GUATEMALA 🇬🇹 ⚠️ MASSIVE EXFILTRATION OF 130K RECORDS AND 324GB OF SENSITIVE DOCUMENTATION [STATUS: UNDER INVESTIGATION] The threat actor "GordonFreeman" of LAT4MFUCK3RS has claimed full compromise of the RGAE (General Registry of State Acquisitions) system of the Guatemalan Ministry of Finance. The attacker claims to have exploited critical API-level vulnerabilities to bypass perimeter protections (WAF/Cloudflare) and extract the complete database of suppliers and registered individuals. 👤 Threat Actor: LAT4MFUCK3RS., GordonFreeman 🎯 Affected Entity: Ministry of Public Finance (RGAE). 📂 Data Volume: 130,000 records (2020-2026) + 235,000 PDF files. 📦 Total Size: 324.5 GB of exfiltrated information. 📊 ANALYSIS OF EXPOSED INFORMATION (PII AND DOCUMENTARY) The leak includes not only structured data, but also legal and financial documentation that compromises the identity of thousands of citizens and companies: Structured Data (Database): Full names, Tax Identification Number (NIT), National Identification Code (CUI). Residential addresses, telephone numbers, and email addresses. Type of organization (Individual/Legal Entity). Critical Documentation (PDF Files): University degrees and scanned copies of national identity cards. SAT invoices, tax clearance certificates, and business licenses. Company incorporation documents and notarial deeds. Bank statements, balance sheets, and administrative contracts. 🔍 TECHNICAL EVIDENCE AND VECTORS The attacker detailed the methods used, confirming a systemic flaw in the portal's security architecture. 🛡️ WAF Evasion: Use of simulated legitimate traffic to avoid volume-based blocking. 🔓 API Vulnerabilities: IDOR/BOLA: Unauthorized access to request sections (/api/Request/GetSections). Open APIs: Unauthenticated endpoints directly connected to SAT systems (/api/sat/email). 🛡️ MITIGATION AND RECOMMENDATIONS 🛑 Urgent API Closure: The Ministry of Finance must audit and immediately close the exposed API endpoints and reconfigure authentication under the principle of least privilege. ⚠️ Massive Risk of Impersonation: Given the exfiltration of DPIs and signatures, banking institutions and the SAT (Tax Administration Service) must strengthen identity verification controls for both in-person and remote transactions. 🔒 Social Engineering Alert: The 130,000 affected individuals are at extreme risk of targeted phishing attacks or extortion, as attackers possess their physical addresses and financial solvency details. ⚡ MONITORING 🌐 Intelligence Platform: https://t.co/wk9bZJ3laQ #CyberSecurity #Guatemala #DataBreach #MinistryOfFinance #RGAE #SAT #PII #CyberAlert #VECERT #LAT4MFUCK3RS