Four journalists included among the threats and risk factors for National Security

It is part of a document leaked after the ransomware attack last July, something that the Ministry of Defense denied at the time.

Slide from the Mindef presentation "Threats and Risk Factors for National Security, Country Focus".

On July 1, 2023, accounts dedicated to reporting on cyberattacks disclosed that the Guatemalan Ministry of Defense had been hit by a critical ransomware attack. According to the report, 5.8 GB of data was exfiltrated, with no further details provided.

Army spokesman Rubén Téllez, speaking to Soy502, said that any information that could be downloaded from the circulated link is not linked to the military entity.

Information from Hackmanac.

Specialized portals indicated something different. First, the attack was attributed to a group of hackers calling themselves Cyclops, who are dedicated to carrying out ransomware attacks. Second, the exact volume of data is specified (5.8 GB compressed), and the attack was rated 5, the highest risk level.

A few weeks ago, I received some documents extracted from that attack. Here I share the first recovered document, focusing specifically on the part concerning the press.

One of the documents is a presentation on "Threats and Risk Factors for National Security, Country Focus" in Guatemala. It includes statistical data for 2021 and 2022.

Slide from the Mindef presentation "Threats and Risk Factors for National Security, Country Focus".

One of the threats, according to the Ministry of Defense, is media campaigns against the Guatemalan Army, along with drug trafficking and organized crime, for example.

Slide from the Mindef presentation "Threats and Risk Factors for National Security, Country Focus".

In this part of the presentation, I simply point out that they consider the General Press Directorate of the Ministry of National Defense and the Secretariat of Social Communication of the Presidency to be agencies that counter these accusations.

Slide from the Mindef presentation "Threats and Risk Factors for National Security, Country Focus".

Of the journalists listed in the presentation, José Rubén Zamora is in prison after an opaque trial. Marvin Del Cid and Sonny Figueroa are in exile due to persecution and threats. Oscar Clemente Marroquín has been replaced by Pedro Pablo Marroquín as editor of La Hora.

In the Analysis section, they make it clear that they have assumed functions of other agencies due to "their lack of initiative or lack of initiative," and that for this reason there are attempts to discredit their actions.

Slide from the Mindef presentation "Threats and Risk Factors for National Security, Country Focus".

The "lesson learned" recorded for this threat is self-explanatory.

Slide from the Mindef presentation "Threats and Risk Factors for National Security, Country Focus".

Note again the language used: "antagonistic organizations" and "non-aligned groups."

A source within the Ministry of the Interior, who prefers to remain anonymous, confirmed to me that this was part of a presentation given at the beginning of 2023 to evaluate the situation and make decisions. The source added that this kind of stakeholder mapping is common.

José Zamora, son of José Rubén Zamora, said that they were unaware of having been included in a presentation on threats to the state, but that they evidently would be included in that and other presentations, after having published for so many years about acts of corruption within the Ministry of the Interior.

Sonny Figueroa and Marvin Del Cid, Guatemalan journalists in exile.

For their part, Marvin Del Cid and Sonny Figueroa said that they too were unaware of being included in this threat assessment, but that they had been made aware of state surveillance and criminalization plans. That was the reason they traveled to Mexico on that occasion, and it coincides with their experience this year.

The cyber attack

Ransomware attacks seek to capture information and data that are valuable to the victim, encrypt them, and then sell the decryption key needed to regain access. A huge number of groups are dedicated to this, and they generate considerable income because victims usually pay.

According to the source who provided me with these files, they were extracted from servers linked to the email service of one of the Ministry of Defense's (MINDEF) offices.

By reviewing the structure of the Ministry of Defense's "mindef.mil.gt" domain with basic open-source intelligence (OSINT), several weaknesses can be identified, which I list below.

Vulnerabilities

The first is that the domain's registration records expose all of the administrators' contact information, something that could easily be used for social engineering.

Screenshot of the GT domain registry portal.
Screenshot of the servers shared by mindef.mil.gt, obtained with BuiltWith.

They use shared hosting, alongside other sites whose operators may not follow the same security practices.

They do not use a global CDN, and DNS points directly to the commercial services where the content is hosted.

The leak

This is the first of many posts on the subject. The main motivation is the lesson learned by the Ministry of Education, which is also a lesson for us:

"The failure of the agency in charge to enforce the laws toward individuals and organizations not aligned with the government has led to the expression of discontent in the media," says the Ministry of National Defense, referring to the work of the press.