Cyber Incident Victim: Ámbito en Argentina
Date: Jun 2025
Location: Argentina
Summary
Ámbito en Argentina was hit by a cyberattack carried out by the hacktivist group @gov.eth, which massively altered the site’s content. The attackers replaced normal articles with messages that often include a skull image and political hashtags, a tactic they have used in previous intrusions against other news outlets and government portals. The outlet issued an apology to its readers for the disruption and confirmed that the breach was limited to content modification.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Friday, June 13, 2025, Ámbito en Argentina reported that it had become the victim of a cyberattack. The site stated that the attack was carried out by the group @gov.eth, which massively modified the contents of the website. The group @gov.eth is described in the article as a known hacktivist group that has previously targeted other media and social-media accounts. According to the report, the same group had attacked La Unión Digital de Catamarca on the preceding Thursday, June 12, 2025. Earlier incidents attributed to @gov.eth include compromises of Perfil.com and the Argentina.gob.ar domain. These past attacks share a pattern of altering online content rather than disrupting service availability.
The modification of Ámbito’s contents led the publication to apologize to its readers, indicating that the unauthorized changes were visible to visitors. The attacker’s typical method involves inserting an image of a skull accompanied by various hashtags and a political message, which aligns with the description of the June 13 incident.
On June 13, 2025, the news website Ámbito en Argentina experienced a cyberattack that disrupted its online operations. The attack was carried out by the hacktivist group identified as @gov.eth, which gained unauthorized access to the website’s content management system. According to the report published by Ámbito itself, the attackers modified a large volume of content across the site in a coordinated manner. The alteration of content was described as massive, affecting multiple sections of the news portal simultaneously. The attackers did not merely deface the site but changed substantive content, indicating a deliberate effort to manipulate the information presented to the public.
The incident was disclosed publicly by Ámbito through a statement published on its own platform, where the outlet acknowledged the breach and expressed regret to its audience for the disruption. The statement emphasized that the attackers had successfully altered content on a large scale, necessitating corrective measures. The disclosure included an apology directed at the readership for the inconvenience and potential misinformation caused by the altered content. The statement did not elaborate on the technical methods used by the attackers to gain access or the specific systems compromised beyond the content management layer. It also did not detail any data theft, service downtime duration, or whether any user data was compromised. The statement focused on the factual acknowledgment of the breach and the nature of the content alteration.
The attackers’ signature behavior, as noted in the article, includes altering account or content material and frequently incorporating a skull image alongside political hashtags. This pattern was consistent with their prior actions against other Argentine media outlets and government sites.
The article references that @gov.eth had previously hacked La Unión Digital de Catamarca just one day before the Ámbito incident, on June 12, 2025. Before that, the group had targeted Perfil.com and Argentina.gob.ar, establishing a pattern of targeting Argentine media and government entities. The attackers’ modus operandi, as outlined, involves substantive content alteration coupled with symbolic imagery and ideological messaging.
The article does not specify whether any user data was exfiltrated or if any systems beyond the public-facing content were compromised. There is no mention of any ransom demand, financial extortion, or service outage duration in the provided information. The narrative presented by Ámbito focuses on acknowledging the breach, describing the nature of the content alteration, and attributing it to the identified group. The outlet’s communication aimed to inform the public about the breach while taking responsibility for the disruption caused. No details were provided regarding forensic analysis, law enforcement involvement, or technical mitigation steps taken beyond the implicit correction of the altered content. The statement served as both an acknowledgment of the breach and a commitment to address the issue, though specific remedial actions beyond content correction were not detailed in the disclosed statement. The narrative concludes with the acknowledgment that the attackers successfully altered content on a large scale, prompting the outlet’s public acknowledgment of responsibility and its apology to its audience.
