🚨 🇪🇨 CYBER THREAT ALERT: POTENTIAL SERVER COMPROMISE – SOMOS BDA (BANCO DEL AUSTRO)
⚠️ DETECTION OF SUSPICIOUS FILE UPLOADS AND POTENTIAL BACKDOOR
[STATUS: EMERGING THREAT / UNCONFIRMED]
Activity has been detected from the group BROTHEROOD CAPUNG (BCI) targeting the domain somosbda.ec, a platform associated with employees and collaborators of Banco del Austro in Ecuador. Evidence suggests that the attackers have successfully breached the server's upload directory.
🎯 Affected Institution: Somos BDA / Banco del Austro.
👤 Threat Actors: BROTHEROOD CAPUNG (BCI).
📅 Detection Date: May 14, 2026.
📊 ACTIVITY ANALYSIS (UNCONFIRMED)
The incident presents indicators of a compromise involving the upload of unauthorized files:
🧩 Shell/Backdoor Upload: A URL has been identified pointing to a file with an apparently executable extension located within the /uploads/ directory. Although definitive technical confirmation is pending, the phrase "Shel nya ampas" used by the actor suggests the successful deployment of a Web Shell or Backdoor to maintain persistence.
🔓 Credential Risk: The affected page is a login portal ("Log In - Somos BDA"). A backdoor in this location could be used to intercept credentials belonging to bank employees and collaborators (Internal Phishing or Formjacking).
🛡️ MITIGATION AND RECOMMENDATIONS
🛑 Directory Isolation: It is recommended to immediately restrict access to—and script execution within—the /uploads/ directory on the affected server.
⚠️ File Audit: Conduct a thorough inspection of recently uploaded files to identify and remove any Web Shells or malicious code.
⚡ MONITORING
🌐 Monitoring System: analyzer.vecert.io
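A small audit script for the File Audit step above, added here as an example (not VECERT's tooling or anything from the advisory). It assumes you are pointing it at a local copy of the server's /uploads/ tree, and it ships with constructed sample files; it flags executable or double extensions, PHP open tags hidden inside image files, and common web-shell signatures, and reports how recently each flagged file was modified.

```python
import re
import tempfile
import time
from pathlib import Path

# Extensions a web server should never execute out of an upload directory.
EXEC_EXTENSIONS = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar", ".jsp", ".asp", ".aspx", ".cgi"}

# Content signatures commonly seen in PHP web shells (defensive list, not exhaustive).
SHELL_PATTERNS = [
    re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    re.compile(rb"\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    re.compile(rb"\$_(GET|POST|REQUEST)\s*\[[^\]]+\]\s*\(", re.I),  # $_GET['f']() callback style
]

def audit_uploads(root, now=None):
    """Walk an upload directory; return {relative_path: [reasons]} for files that need review."""
    now = time.time() if now is None else now
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        suffixes = {s.lower() for s in path.suffixes}          # catches photo.php.jpg too
        if suffixes & EXEC_EXTENSIONS:
            reasons.append("executable extension " + "".join(path.suffixes))
        head = path.read_bytes()[:65536]                        # first 64 KiB is enough for signatures
        for pat in SHELL_PATTERNS:
            if pat.search(head):
                reasons.append("web shell signature " + pat.pattern.decode()[:30])
                break
        if b"<?php" in head and not (suffixes & EXEC_EXTENSIONS):
            reasons.append("PHP open tag inside non-PHP file")
        if reasons:
            age_h = (now - path.stat().st_mtime) / 3600
            reasons.append(f"last modified {age_h:.1f} h ago")
            findings[str(path.relative_to(root))] = reasons
    return findings

def build_sample_uploads(root):
    """Constructed fixture: benign files plus inert look-alikes that trip each check."""
    samples = {
        "avatar.jpg": b"\xff\xd8\xff\xe0 constructed benign jpeg bytes",
        "notes.txt": b"constructed benign text",
        "cache.php": b"<?php eval(base64_decode('')); ?>",                  # exec ext + eval signature
        "photo.php.jpg": b"GIF89a<?php /* constructed placeholder */ ?>",    # double extension
        "logo.png": b"\x89PNG<?php /* constructed placeholder */ ?>",        # PHP tag inside an image
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)

def run_sample_audit():
    """Build the constructed fixture in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_uploads(d)
        return audit_uploads(d)

if __name__ == "__main__":
    for f, why in sorted(run_sample_audit().items()):
        print(f, "->", "; ".join(why))
```

Run it against a copied tree first; anything flagged should be quarantined and compared against the application's own deploy manifest before deletion.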
#CyberSecurity #BancoDelAustro #SomosBDA #Backdoor #WebShell #Ecuador #CyberAlert #VECERT #BCI #DataBreach