Comando de Apoyo Táctico de la Región Estratégica de Defensa Integral José Antonio Páez

CATROPAEJB, known as the Comando de Apoyo Táctico de la Región Estratégica de Defensa Integral José Antonio Páez, is a tactical support command within the Venezuelan army. Based on a documented security incident, the organization operates a financial system that manages sensitive personnel data for military personnel, including full names, email addresses, and telephone numbers. This system is part of its broader role in providing logistical and administrative support within the José Antonio Páez strategic defense region. The command's headquarters are located in Venezuela, and it is referred to by its acronym CATROPAEJB in official and operational contexts. The financial system it administers is accessible via webmail platforms, which were targeted in a breach. The nature of the data handled indicates responsibilities in payroll, human resources, or similar army support functions. As a military entity, CATROPAEJB operates under the structure of Venezuela's National Bolivarian Armed Forces, though specific parent commands are not detailed in available records. Its activities are confined to the regional defense framework assigned to the José Antonio Páez zone.

In December 2016, CATROPAEJB's financial system suffered a compromise that exposed approximately 3,000 user accounts. The attacker, who identified as a security researcher, claimed to have obtained webmail system credentials that could enable access to user data but asserted no unauthorized data retrieval occurred, framing the incident as a security demonstration. The breach exploited a previously known vulnerability that had remained unpatched despite prior compromises of the same system. The hacker alleged collaborations with foreign governments to remediate such flaws but indicated no evidence of corrective actions by CATROPAEJB, leaving the sensitive personnel information at ongoing risk of exposure. This incident highlighted significant deficiencies in the command's cybersecurity posture and patch management practices. The exposed data included personally identifiable information of army personnel, potentially compromising operational security. The breach was publicly reported, drawing attention to the vulnerability of military administrative systems in Venezuela. No subsequent public disclosures detail remediation efforts or changes to the system's security following the incident.