Cyber Incident Victim: Argentine Ministry of Economy
Date:
Sep 2022
Location:
Argentina
Summary
A threat actor known as Everest offered network access to Argentina's Ministry of Economy for sale on a hacking forum, claiming possession of financial instruments and internal software. The ministry initiated an internal investigation and criminal proceedings, stating no evidence of unauthorized database access or data theft had been confirmed despite the public listing. Everest priced the alleged access at $35,000 but did not respond to direct inquiries, while the lack of a guarantor in the forum post raised potential credibility concerns. The incident prompted heightened scrutiny of the ministry's cybersecurity posture amid broader regional breaches affecting military and police organizations in Latin America.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 20, 2022, a threat actor using the alias “Everest” advertised access to the network of Argentina’s Ministry of Economy on a prominent hacking forum. The sales listing claimed the compromised access included financial instruments and software used by the ministry. Notably, the post did not utilize a guarantor or middleman service, a common practice to validate legitimacy in such forums, potentially raising skepticism among buyers due to Everest’s unestablished reputation. Contact instructions included a Tox ID, but Everest did not respond to initial inquiries via that channel. By September 21, the same offering appeared on Everest’s dedicated ransomware group website, where the group later confirmed to DataBreaches via email that the asking price was $35,000. The Ministry of Economy publicly acknowledged the incident, initiating both internal technical reviews and a criminal investigation. While the ministry stated its technical teams had not yet identified evidence of unauthorized database access, credential theft, or data exfiltration, officials emphasized the necessity of investigations given the public nature of the compromise offer.
In response to the listing, the Ministry of Economy, through Undersecretary Ricardo Casal, filed a formal criminal complaint to address potential crimes against state interests. The ministry launched an exhaustive internal investigation alongside judicial proceedings to determine if any breach or data theft occurred. Concurrently, Chilean defense institutions faced unrelated data leaks as part of “Operation Repressive Forces” by hacktivist group Guacamaya, though this activity was separate from the Everest incident targeting Argentina. No further public updates confirmed whether Everest’s access claims were validated, if data was exfiltrated, or if the $35,000 ransom demand led to negotiations or payment. The ministry’s public statements remained focused on investigative progress rather than confirming operational or financial impacts.