Cyber Incident Victim: Argentinian Ministry of Industry
Date: Dec 2016
Location: Argentina
Summary
The Argentinian Ministry of Industry's official website was compromised by hackers Kapustkiy and Kasimierz L., who gained unauthorized access through an administrator account protected by an easily guessable password. The breach exposed sensitive personal information, including names, home addresses, email contacts, social media profiles, and phone numbers of approximately 18,000 individuals, alongside internal ministry documents. While the attackers confirmed accessing and downloading server files, they stated no intention to publicly leak the stolen data. The targeted organization was notified but had not responded initially; subsequent actions suggested remediation efforts, including disabling login functionality, though official confirmation remained absent. The incident highlighted critical security vulnerabilities in the administration of government digital assets.
Description
On or around December 7, 2016, attackers identifying themselves as Kapustkiy and Kasimierz L. breached the official website of Argentina’s Ministry of Industry (produccion.gob.ar). The compromise occurred through unauthorized access to an administrator account, though the attackers clarified they did not employ SQL injection. Evidence confirmed the attackers obtained access to the site’s admin panel, which contained sensitive internal documents and databases of personal information belonging to ministry employees and associated individuals. The compromised data included names, home addresses, email addresses, phone numbers, and social media account details (Facebook and Twitter) for approximately 18,000 individuals. Kapustkiy stated they downloaded all files from the ministry’s servers but emphasized no intention to publicly leak the stolen data. Security researchers verified the administrator account’s password was exceptionally weak and easily guessable, though specific technical details of the attack vector remained undisclosed.

The Ministry of Industry was notified of the breach but had not issued a public response by the time initial reports were published on December 7. The website remained operational initially, though security analysts anticipated temporary downtime as administrators addressed the compromise. By December 9, the login portal for the admin panel became inaccessible, indicating remedial actions were underway, potentially involving IP-based geofencing to restrict foreign access or partial system takedowns. No confirmation was provided regarding whether the ministry had reset compromised credentials, purged unauthorized file downloads, or notified affected individuals. The incident exposed systemic vulnerabilities in the ministry’s cybersecurity practices, particularly the use of weak administrative passwords protecting sensitive citizen and employee data.
