#Hacker vende acceso aliclik



Old credentials from an Infostealer infection enabled a senstive government account takeover

A hacker is selling admin access to Argentina's Ministry of Interior via Cisco Umbrella.

According to the database of cybercrime Intelligence firm, Hudson Rock, the login very likely originates from a 2022 Infostealing malware infection of an Argentinian computer that used the credentials "[admin@mininterior.gov.ar](mailto:admin@mininterior.gov.ar)" to sign into login.umbrella.com (matching the images that are shown by the hacker)- Reset old passwords.

I reported this to Cisco's CSIRT & Umbrella, hope they answer & fix quickly.

Images from the hacker's thread –

https://preview.redd.it/ptkyzkji6fkd1.png?width=1079&format=png&auto=webp&s=47104b9942c7eed20f9fd038cfedca422a4ee936

https://preview.redd.it/k9ffuuyg6fkd1.png?width=1711&format=png&auto=webp&s=e2edb6c1cdd3ca6ab28cef8fcdf24fd9b5568bcc

Image from Hudson Rock's platform showing an infection of an Argentinian computer, the infection is very old (2022) but the credentials apparently still worked

https://preview.redd.it/55m4zcam6fkd1.png?width=1383&format=png&auto=webp&s=82547530ff3e3bab5edadfe094c03a98813d415b


[matched_content]

By Diario

4 thoughts on “A hacker is selling admin access to Argentina’s Ministry of Interior through Cisco Umbrella.”

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *