I strengthen the security of your WordPress site. I respond to security incidents and malware. WordPress Security Enthusiast
Alert | #Phishing campaign targeting @BancoEstado, requesting credentials, coordinates, card data and ATM PIN. Notable how "personalized" it is, using the name of the user associated with the RUT, and how interactive the interface is. #PhishingChile
STRATEGIC CYBER INTELLIGENCE ALERT: POSSIBLE PERMISSIVE INTRUSION INTO PUBLIC HEALTH SYSTEM - MINSAL CHILE
POSSIBLE HEALTH PLATFORM WITH POTENTIAL EXPOSURE OF NATIONAL HEALTH RECORDS
[STATUS: UNVERIFIED / UNDER INVESTIGATION / ATTRIBUTED TO THREAT ACTOR / CRITICAL RISK OF EXFILTRATION AND UNAUTHORIZED PRIVILEGED ACCESS]
Through proactive monitoring of cyber threat distribution channels and hacktivist activities, the publication of a manifesto by the RSA CRACKERS group was detected on May 28, 2026.
The threat actor claims to have exploited vulnerabilities and credential flaws in the systems of the Chilean Ministry of Health.
The group alleges that the breach potentially exposed more than 36 million health records of Chilean citizens. Under a "good faith" narrative, the attacker maintains that they did not exfiltrate the database or infect the service. However, the collected graphical evidence suggests that the actor maintained operational access to an active government platform.
Affected Entity: Chilean Ministry of Health
Threat Actor: RSA CRACKERS
Potential Volume and Impact: Theoretical exposure of up to 36 million patient records, medical histories, and national epidemiological information.
Technical Breakdown and Visual Evidence Analysis
Through detailed analysis of the file, the following logical and operational compromise vectors can be deduced:
1. Credential Abuse Compromising Roles and Privileges
Generalized Access: The visual evidence in the sample image indicates that the attacker accessed the system using a legitimate but compromised corporate credential. This access likely granted them privileges to perform general queries on citizens, patients, and medical records.
Role and Institution Flexibility: The exposed web system has upper management modules that explicitly allow "Change institution" and "Select role." This means that the attacker had the operational capabilities to switch between different healthcare entities and modify their internal permissions as needed during the session.
2. Exposed Clinical and Demographic Data (PII and PHI)
The forms displayed in Screenshot_113.png reveal direct access to critical epidemiological control interfaces and patient data:
General and Epidemiological Background: Display of case notification forms, epidemiological weeks, final patient status classification (e.g., "Confirmed"), case number, corresponding SEREMI (e.g., SEREMI of Atacama), and contact information for healthcare professionals.
Patient Identification Form: Fields displaying the RUN (National Unique Identification Number), full names, surnames, sex, date of birth, patient status ("Alive" or "Deceased"), nationality, health insurance provider (e.g., FONASA), exact residential address (street, municipality, region of residence), and emergency cell phone numbers.
Geographic Segmentation: Full nationwide filtering capacity, encompassing drop-down menus for the Santiago Metropolitan Region (municipalities such as Alhué, Buin, Calera de Tango, Cerrillos, Cerro Navia, and Colina) and northern regions such as Tarapacá, Antofagasta, Atacama, Coquimbo, and Valparaíso.
Emergency Mitigation and Recommendations
Revocation and Cross-Cutting Audit of Identities (Critical Priority): The Ministry of Health (MINSAL) is urged to immediately invalidate all active sessions on the epidemiological and patient registration portals. It is mandatory to identify the specific account used to capture the screenshots by cross-referencing access logs with the selected options (such as the Atacama Regional Health Authority (SEREMI) or the regional consultations of May 28).
Implementation of Geographic and Network Restrictions: Strengthen web application firewall (WAF) policies and restrict access to administration and role change modules exclusively through corporate VPN connections authenticated with two-factor authentication (MFA) based on hardware tokens.
Monitoring and Evaluation
Intelligence System: https://t.co/wk9bZJ3laQ
Quickly assess your website's security with: https://t.co/YnDw1QkkYK
#CyberSecurity #DataLeak #Chile #Minsal #RSACrackers #Anci #Hacktivism #ThreatIntelligence #CiberAlert #VECERT #DataBreach #UnderInvestigation #PublicHealth
A site I built got "hacked", but they didn't want the maintenance service. And now they're threatening to sue me; on a quick review, it has "premium" plugins that I didn't install when I built it. I'd bet they were downloaded from some pirated-plugin site.
Yes, because the format in which the information is presented is similar to a health institution's system when looking up insurance coverage or patient data, like an internal IT system.
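The MINSAL alert above recommends cross-referencing access logs with the options visible in the screenshots (the Atacama SEREMI, the May 28 consultations) to find the account involved. One way to run that triage, as an added example that is not part of any of the posts: the JSON-lines log schema, user names, session ids and action names are hypothetical, and the log lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample log (JSON lines). Schema, users and action names are hypothetical.
SAMPLE_LOG = """
{"ts":"2026-05-27T22:10:03","sid":"s4","user":"u.delta","ip":"192.0.2.7","action":"change_institution","inst":"SEREMI Atacama"}
{"ts":"2026-05-27T22:11:40","sid":"s4","user":"u.delta","ip":"192.0.2.7","action":"view_patient","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T09:01:10","sid":"s1","user":"u.alpha","ip":"192.0.2.10","action":"view_patient","inst":"SEREMI Coquimbo"}
{"ts":"2026-05-28T09:14:55","sid":"s3","user":"u.gamma","ip":"192.0.2.31","action":"view_case_notification","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T13:02:11","sid":"s2","user":"u.beta","ip":"198.51.100.23","action":"login","inst":"SEREMI Valparaiso"}
{"ts":"2026-05-28T13:02:40","sid":"s2","user":"u.beta","ip":"198.51.100.23","action":"change_institution","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T13:02:52","sid":"s2","user":"u.beta","ip":"198.51.100.23","action":"select_role","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T13:03:30","sid":"s2","user":"u.beta","ip":"198.51.100.23","action":"view_case_notification","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T13:04:02","sid":"s2","user":"u.beta","ip":"198.51.100.23","action":"view_patient","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T13:04:44","sid":"s2","user":"u.beta","ip":"198.51.100.23","action":"view_patient","inst":"SEREMI Atacama"}
{"ts":"2026-05-28T13:05:
"""

SWITCH = {"change_institution", "select_role"}      # the role/institution modules
VIEW = {"view_patient", "view_case_notification"}   # the forms seen in the screenshots

def suspect_sessions(log_text, day, institution):
    """Sessions on `day` that switched institution/role, then viewed records at `institution`."""
    events = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line: skip it and keep triaging
        if isinstance(ev, dict) and str(ev.get("ts", "")).startswith(day) and "sid" in ev:
            events.append(ev)
    sessions = defaultdict(lambda: {"user": None, "ips": set(), "switches": 0, "views": 0})
    for ev in sorted(events, key=lambda e: str(e["ts"])):
        s = sessions[ev["sid"]]
        s["user"] = ev.get("user")
        s["ips"].add(str(ev.get("ip")))
        if ev.get("action") in SWITCH:
            s["switches"] += 1
        elif ev.get("action") in VIEW and ev.get("inst") == institution and s["switches"]:
            s["views"] += 1  # only views made after a switch count toward the lead
    hits = [{"sid": sid, "user": s["user"], "ips": sorted(s["ips"]),
             "switches": s["switches"], "views": s["views"]}
            for sid, s in sessions.items() if s["views"]]
    return sorted(hits, key=lambda h: h["views"], reverse=True)

if __name__ == "__main__":
    for hit in suspect_sessions(SAMPLE_LOG, "2026-05-28", "SEREMI Atacama"):
        print(hit)
```

A local user viewing records in their own institution without a switch (session `s3` in the sample) is not reported, which keeps the list short enough to review by hand.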
๐จ BREAKING: Instructure, the company behind Canvas - the LMS tool used by almost every university in the United States, has been breached by popular threat actor ShinyHunters.
List of breached schools:
http://91.215.85.103/pay_or_leak/instructure_affected_schools_list.txt