Cyber Threat Actor: Seller13

Seller13, operating under the aliases Kapustkiy and Kasimierz L., breached the Argentinian Ministry of Industry's official website (produccion.gob.ar) in December 2016. The attackers compromised an administrator account, exposing personal data of approximately 18,000 individuals including names, home addresses, email accounts, social media profiles, and phone numbers. Internal ministry documents were also accessed during the intrusion. While the actor downloaded all files from the compromised servers, they refrained from publicly leaking the stolen information and notified the ministry about the breach.

The operation demonstrates Seller13's focus on government digital assets in Latin America, specifically targeting Argentina's federal infrastructure. Their objective centered on demonstrating access capabilities rather than financial theft or data monetization, evidenced by their voluntary disclosure to both the ministry and media outlets. Technical execution relied on credential compromise through weak administrator passwords rather than SQL injection or advanced exploits. The actor gained persistent access to backend systems through the admin panel, enabling full exfiltration of sensitive databases and documents. No malware deployment or post-exploitation tooling was referenced in the breach.

Public reporting attributes this campaign solely to Seller13's aliases without evidence of state sponsorship or criminal consortium ties. The operation remains their most documented incident, highlighting systemic vulnerabilities in government web application security. Ministry officials had not responded to disclosure requests when initial reports published, though subsequent administrative portal takedowns suggested remediation efforts. Seller13's operational security practices included withholding specific intrusion methodologies while providing journalists with proof-of-access documentation.