joc

🚨 CYBER INTELLIGENCE ALERT: 🇨🇱 [UNCONFIRMED / CRITICAL] INTERNAL ACCESS TO TELECOMMUNICATIONS — VTR CHILE [STATUS: UNCONFIRMED / NETWORK INFRASTRUCTURE COMPROMISE] A post originating from the Telegram channel of a threat actor named "Rutify" has been detected. The visual evidence processed in the screenshots, , demonstrates that the attacker has gained direct administrative access to the internal provisioning, network management, and customer control panel of the telecommunications company VTR Chile. 📂 Technical Analysis of the Visible Evidence The screenshots reveal access to an internal web administration panel with deep privileges over the provisioning of fixed and mobile services for VTR Chile. Three major risk vectors were identified based on the exposed modules: 1. Network and Critical Infrastructure Management (Network & Provisioning) The system's sidebar exposes operational menus that compromise the ISP's network: Node Status & CMTS Pools: Control over the status of CMTS (Cable Modem Termination System) nodes and pools, the core infrastructure that connects VTR's broadband customers' cable modems. DHCP Leases & Traffic Stats: Access to the network's IP address assignments and real-time traffic statistics. Provisioning (Job Queue / Config Templates): An active job queue with 12 pending requests and configuration templates. Modifying these templates would allow an attacker to alter the physical provisioning of customer services. 2. Geographic Infrastructure Mapping (Chile Nodes) The screenshots show key identifiers from the internal network naming convention that confirm the geographic impact on Chilean municipalities and infrastructure: SCL-LAS-COND-07 and SCL-CMTS-04: Direct references to infrastructure located in Santiago, Chile (SCL), specifically in the Las Condes municipality. VLP-CENTRO-01: Infrastructure assigned to the Valparaíso region (VLP). CCP-NORTE-02: Nodes linked to the Concepción / Biobío region (CCP). 3. PII Exfiltration and Financial Plan Control The "Account Detail" section and plan modules demonstrate the ability to extract and alter critical customer data in Chile: Exposed Identity Fields: The system stores and allows searches using the RUT (Tax ID), subscriber number, account number, service number, and the customer's current IP address, as well as sensitive mobile identifiers such as the ICCID (SIM card serial number) and IMSI (International Mobile Subscriber Identity). Financial Rate Manipulation: A live query shows an active plan named "Postpago 50GB — " (Chilean Pesos). The panel displays a menu for immediate plan changes under the CUST_REQUEST (customer request) order type, meaning the attacker can alter the company's billing systems. 🛡️ Recommended Actions (Defensive Measures) Perimeter Blocking and Session Revocation: The VTR Chile/ClaroVTR security team must be alerted urgently to identify access logs for their provisioning tools (specifically the backend modules shown in the screenshots), revoke all active web sessions, and enforce the strict use of hardware-based multi-factor authentication (MFA). VECERT TOOLS Strategic Monitoring Tools & Intelligence Platform: 🌐 https://t.co/wk9bZJ2Nli Security Verification & Monitoring: 🛡️ https://t.co/5LuqwzYuS6 #CyberSecurity 🔐 #Chile 🇨🇱 #VTR #ClaroVTR #DataBreach 📁 #Telecoms #SIMSwapping #RUT #InitialAccess #ThreatIntelligence 📊 #VECERT 🏢