🚨 CYBER INTELLIGENCE ALERT: 🇨🇱 [UNCONFIRMED / CRITICAL] INTERNAL ACCESS TO TELECOMMUNICATIONS — VTR CHILE

[STATUS: UNCONFIRMED / NETWORK INFRASTRUCTURE COMPROMISE]

A post originating from the Telegram channel of a threat actor named "Rutify" has been detected. The visual evidence processed in the screenshots demonstrates that the attacker has gained direct administrative access to the internal provisioning, network management, and customer control panel of the telecommunications company VTR Chile.

📂 Technical Analysis of the Visible Evidence

The screenshots reveal access to an internal web administration panel with deep privileges over the provisioning of fixed and mobile services for VTR Chile. Three major risk vectors were identified based on the exposed modules:

1. Network and Critical Infrastructure Management (Network & Provisioning)
The system's sidebar exposes operational menus that compromise the ISP's network:
Node Status & CMTS Pools: Control over the status of CMTS (Cable Modem Termination System) nodes and pools, the core infrastructure that connects VTR's broadband customers' cable modems.
DHCP Leases & Traffic Stats: Access to the network's IP address assignments and real-time traffic statistics.
Provisioning (Job Queue / Config Templates): An active job queue with 12 pending requests and configuration templates. Modifying these templates would allow an attacker to alter the physical provisioning of customer services.

2. Geographic Infrastructure Mapping (Chile Nodes)
The screenshots show key identifiers from the internal network naming convention that confirm the geographic impact on Chilean municipalities and infrastructure:
SCL-LAS-COND-07 and SCL-CMTS-04: Direct references to infrastructure located in Santiago, Chile (SCL), specifically in the Las Condes municipality.
VLP-CENTRO-01: Infrastructure assigned to the Valparaíso region (VLP).
CCP-NORTE-02: Nodes linked to the Concepción / Biobío region (CCP).

3. PII Exfiltration and Financial Plan Control
The "Account Detail" section and plan modules demonstrate the ability to extract and alter critical customer data in Chile:
Exposed Identity Fields: The system stores and allows searches using the RUT (Tax ID), subscriber number, account number, service number, and the customer's current IP address, as well as sensitive mobile identifiers such as the ICCID (SIM card serial number) and IMSI (International Mobile Subscriber Identity).
Financial Rate Manipulation: A live query shows an active plan named "Postpago 50GB — " (Chilean Pesos). The panel displays a menu for immediate plan changes under the CUST_REQUEST (customer request) order type, meaning the attacker can alter the company's billing systems.

🛡️ Recommended Actions (Defensive Measures)
Perimeter Blocking and Session Revocation: The VTR Chile/ClaroVTR security team must be alerted urgently to identify access logs for their provisioning tools (specifically the backend modules shown in the screenshots), revoke all active web sessions, and enforce the strict use of hardware-based multi-factor authentication (MFA).

VECERT TOOLS
Strategic Monitoring Tools & Intelligence Platform: 🌐 analyzer.vecert.io
Security Verification & Monitoring: 🛡️ monitor.vecert.io

#CyberSecurity 🔐 #Chile 🇨🇱 #VTR #ClaroVTR #DataBreach 📁 #Telecoms #SIMSwapping #RUT #InitialAccess #ThreatIntelligence 📊 #VECERT 🏢
Replying to @haydenzadams
Dudes will say DeFi is unsafe when most banks still use SMS 2FA only and every major mobile provider is 3 questions away from simswapping you. smh
🚨 STRATEGIC CYBERINTELLIGENCE ALERT: ANATOMY OF THE CaaS PLATFORM IN COLOMBIA 🇨🇴

⚠️ TECHNICAL BREAKDOWN OF THE CRIMINAL INTELLIGENCE BOT AND THE EROSION OF DATA PRIVACY

[STATUS: ACTIVE TOOL / CRIME-AS-A-SERVICE MODEL / EXTREME RISK OF FINANCIAL FRAUD AND EXTORTION]

The cybercrime ecosystem targeting Colombia has evolved toward industrialization. The detected tool is not merely a leaked database, but a sophisticated Crime-as-a-Service (CaaS) engine operated via Telegram (attributed in recent investigations to the threat actor ɪʀᴏɴ ᴀᴛʟᴀꜱ). This platform enables any criminal—regardless of their technical proficiency—to perform real-time queries (utilizing both OSINT and private databases) to comprehensively profile any Colombian citizen, thereby facilitating attacks.

🧠 TECHNICAL ANATOMY OF THE PLATFORM

The success of this bot lies in its distributed client-server architecture and its ability to unify disparate data sources into a single, user-friendly interface.

1. Operator Interface (Frontend - Telegram)
Anonymity and Accessibility: By being hosted on Telegram, the bot inherits the application's privacy infrastructure, making it difficult to trace the IP address of the operator (the criminal client) as well as that of the central server.
Query Modules: The interface offers an interactive menu featuring predefined commands. The criminal simply needs to input an initial data point—such as a national ID number, a phone number, or an email address—to trigger a massive, cascading search.

2. Correlation Engine and Backend (The Core)
Microservices Architecture: Behind the Telegram bot lies a backend server (likely hosted in "bulletproof" jurisdictions) that receives the request and simultaneously distributes it to multiple extraction scripts (scrapers) and APIs.
Data Enrichment: If a cybercriminal enters a phone number, the engine queries telecommunications providers to obtain the name of the account holder. It then takes that name and queries the National Registry Office to retrieve the corresponding National ID number. Using the National ID, it queries the DIAN (Tax Authority), the Traffic Registry (RUNT), and credit bureaus.
Structured Output: The engine compiles all this information into a clean, structured report (a "Dossier") that is delivered to the client within seconds.

🗄️ DATA SOURCE ECOSYSTEM (DATA PIPELINE)

To achieve this level of detail, the platform has successfully channeled—through the theft of API credentials, the exploitation of web vulnerabilities, or the purchase of access from insiders—three major information verticals:

🏛️ Government and Public Infrastructure:
Identity and Demographics: National Civil Registry (validation of biometric data and National IDs) and Migration Colombia.
Taxes and Property: DIAN (Tax Registry/RUT, business activity), IGAC (Cadastre/real estate records), and RUNT (vehicle ownership, mandatory insurance/SOAT, traffic fines).
Security and Defense: National Police, Inspector General's Office, and Military Forces (criminal records, disciplinary records, and military service status).

🏢 Private Sector and Telecommunications:
Operators (Telcos): Claro, Tigo, Movistar, and WOM. This enables the association of identities with mobile numbers—a capability fundamental to SIM hijacking (line hijacking) attacks.
Comprehensive Healthcare: ADRES, EPS (Health Service Providers), and Insurance Companies (Sura, Seguros Bolívar).

🏴‍☠️ Underground Sources (Dark Web):
Integration with historical data breaches and records derived from "Infostealers" (malware designed to steal passwords and browser cookies from infected systems).

💸 IMPACT ON FINANCIAL INVESTIGATIONS AND CRIMINAL TTPs

The integration of queries directed at credit bureaus (Datacrédito, TransUnion) and banking institutions transforms this bot into a lethal weapon against the financial sector. Attackers leverage this infrastructure to execute the following Tactics, Techniques, and Procedures (TTPs):
SIM Swapping Fraud: Armed with Telco data and the victim's full identity, the scammer impersonates the victim—either in person at a retail branch or over the phone—to port the phone number to a new SIM card, thereby intercepting one-time passwords (OTPs) sent via SMS by banks.
Highly Personalized Extortion: Criminals select victims based on their tax filings (DIAN) or vehicle ownership records (RUNT). These extortion calls feature specific details regarding the victim's vehicles, immediate family members, and home address, thereby drastically increasing the likelihood of payment through intimidation.

#CyberSecurity #Colombia #CrimeAsAService #OSINT #DataBreach #FinancialFraud #ThreatIntelligence #CiberAlerta #VECERT #Infosec #SIMSwapping
#USA4USA #USA #deathtower #6G with #5G #4G #LTE etc again just asking...#deathtower #6G &/or devices #illegal in #USA still? If so can #USA #LawEnforcement etc use their #7G etc #StingRay program #2catch #2arrest etc #6G etc in #USA? #EndSIMswapping #EndSwappingSIM #simswapping
Cellular networks are under attack from Chinese hackers and commercial surveillance vendors. Although the vulnerable SS7 protocol was replaced by a more secure Diameter protocol in 4G and 5G, operators have failed to implement it or failed to implement it properly. As a result, our cellular systems are vulnerable to attack from some less than advanced attackers. This includes DoS, eavesdropping, and location services.
🇺🇸 A threat actor on an underground forum is advertising what they claim to be a dataset containing approximately 1.5 million Binance US-related phone records.

According to the post, the exposed data appears to include:
• Phone numbers
• Verification status indicators
• KYC-related attributes
• Country/location fields
• Account status metadata
• Potential account validation markers

The sample shown references terms such as:
• “verified”
• “kyc”
• “USA”
• account-state indicators

At this stage, there is no confirmation that this originated from:
• Binance US internal systems
• a third-party provider
• a scraped source
• credential aggregation datasets
• SIM/KYC brokerage ecosystems

However, if authentic, cryptocurrency-related phone datasets can carry significant operational value for threat actors because they may enable:
• SIM swapping campaigns
• targeted phishing
• crypto account takeover attempts
• identity correlation
• MFA interception attacks
• social engineering against high-value crypto holders

The combination of:
• phone numbers
• KYC references
• verification indicators
can be particularly dangerous in the crypto ecosystem where attackers frequently target:
• SMS-based authentication
• recovery workflows
• exchange support impersonation

From a threat intelligence perspective, even partial datasets tied to crypto platforms are often monetized because attackers use them to:
• identify likely exchange users
• build victim targeting lists
• conduct credential stuffing
• launch fake compliance/KYC notifications
• impersonate exchange support teams

It is important to note:
• underground forums frequently recycle older leaks
• some datasets are assembled from scraping or prior breaches
• actors often falsely label unrelated data as “Binance” to increase value and visibility

At the time of reporting:
• The claim remains unverified
• No official confirmation has been publicly issued
• The origin and freshness of the alleged data are unknown

If validated, potentially affected users should immediately:
• disable SMS-based MFA where possible
• move to authenticator or hardware-key MFA
• review account recovery settings
• monitor for SIM swap indicators
• remain cautious of fake Binance support communications
• verify all exchange-related emails and SMS messages carefully

Crypto platform users should be especially alert for:
• urgent KYC update requests
• fake withdrawal alerts
• spoofed customer support calls
• QR-code phishing attempts
• MFA reset scams

This remains an unverified underground claim at the time of reporting.

#DDW #Intelligence #CyberSecurity #DarkWeb #DataLeak #ThreatIntelligence #Binance #Crypto #SIMSwapping #KYC #Phishing #Cryptocurrency #Infosec
🪙🚨 A threat actor on an underground forum is claiming to sell a dataset allegedly tied to Coinbase users, advertised as containing approximately 80,000 records.

According to the screenshot, the alleged sample fields include:
• First name / Last name
• City
• Email address
• Mobile number
• URL/account reference
• BTC balance
• ETH balance
• USDT balance

The actor is reportedly asking around $850 for the dataset and shared contact information via Telegram.

At this time:
• The claims remain unverified
• There is no public confirmation from Coinbase
• The authenticity and source of the alleged data are unknown

The inclusion of cryptocurrency balance fields is notable because datasets containing wallet holdings or estimated balances are highly attractive to:
• Phishing groups
• SIM swapping actors
• Social engineering crews
• Crypto extortion operators
• Credential theft campaigns

However, it is important to note: Claims involving “Coinbase databases” are frequently recycled, repackaged, or enriched from:
• Previous credential leaks
• Infostealer malware logs
• OSINT scraping
• Blockchain enrichment datasets
• Phishing collections
• Compiled marketing/contact databases

At this stage, there is no evidence confirming a direct Coinbase platform compromise.

Potential risks if legitimate include:
• Targeted phishing against high-balance users
• SIM swap attacks
• Credential stuffing attempts
• Wallet-targeted social engineering
• Account takeover campaigns
• Increased crypto extortion attempts

Recommended actions for users:
• Enable hardware-based MFA/security keys where possible
• Avoid SMS-only MFA
• Review account recovery settings
• Monitor for phishing emails and fake Coinbase support messages
• Rotate passwords if reused elsewhere
• Watch for suspicious login attempts or device changes

Crypto-related underground datasets often gain rapid traction because threat actors prioritize financially motivated targeting over mass exposure alone.

This is currently an unverified underground claim pending independent validation.

#Coinbase #Crypto #DDW #Intelligence #CyberSecurity #DarkWeb #DataLeak #Cryptocurrency #ThreatIntelligence #InfoSec #SIMSwapping
However/who all been/are involved with #SIMswapping etc remain #ILLEGAL needed/need #2B #USA #prisoninmate(s). I remain NEVER interested in #nerdy etc types bs. Any/all want #2B #hacker(s) etc needed/need #2apply to #USA #NSA etc #4job
Attention! If your cell phone's SIM chip was cloned, the Supreme Court now requires phone carriers to pay for the damages. #SIMSwapping #DerechosDigitales #Seguridad
I recommend NOT SIGNING UP WITH @baitmxoficial. This is now the second time they have done #SimSwapping, and they will be hit with a tremendous lawsuit for damages. @IFT_MX We woke up to a phone that does not recognize its SIM, and clearly it is because someone took over that number. #Alerta @Trafico_ZMG
Did your mobile suddenly lose coverage? You could be a victim of #SIMSwapping🕵️‍♂️👇🏻
🚨 CYBER THREAT ALERT: ALLEGED MASS SALE OF COINBASE USER PII 🌐

An active listing has been detected on Dark Web forums—posted by the threat actor OnarDev—offering for sale a database allegedly containing 2,000,000 (2 million) unique records of Coinbase users. The dataset is advertised as a recent extraction (covering the 2025/2026 timeframe); if legitimate, this would pose a critical risk regarding social engineering attacks and financial fraud.

📍 Allegedly Affected Entity: Global Coinbase users (High concentration in the U.S., UK, EU, and Canada).
👤 Threat Actor: OnarDev.
📊 Claimed Data Volume: 2,000,000 unique records.
📅 Detection Date: April 7, 2026.

📦 ALLEGEDLY EXPOSED INFORMATION:
According to the attacker's listing, the database contains critical data fields designed to facilitate targeted attacks:
👤 Full Name: Legal first and last names.
📍 Location: Geographic distribution by country.
📧 Email: Primary email addresses, allegedly verified.
📱 Phone Number: Mobile numbers allegedly linked directly to platform accounts.

Monitor: analyzer.vecert.io

#Cybersecurity #Coinbase #AllegedLeak #CryptoRisk #SIMSwapping #DataBreach #OnarDev #VECERT #InfoSec #CyberSecurityAlert
Apr 2
are they simswapping to hack these accounts?
🚨 CYBERINTEL ALERT: Massive Data Leak at Rogers Communications and Fido 🇨🇦📱

Our platform has detected a critical-level security incident affecting Canada's largest telecommunications company, Rogers Communications, and its subsidiary, Fido.

Victim: Rogers Communications & Fido (Canada) 🏛️.
Threat Actor: Murad 🎭.
Volume: 10.9 million lines (records).
Date: March 22, 2026 🗓️.

Compromised Information:
The actor claims that the data originates directly from Rogers' and Fido's mobile infrastructure. Although the exact content of the "lines" is currently under analysis, this type of telecommunications breach typically includes:
🔹 Subscriber Data: Names, addresses, and account numbers.
🔹 Technical Identifiers: Phone numbers, Call Detail Records (CDRs), and potentially SIM card serial numbers (ICCIDs) or device serial numbers (IMEIs).
🔹 Security: The actor demands the use of a GUARANTOR (intermediary) for the transaction, indicating the high perceived value and alleged authenticity of the dataset.

Monitor: analyzer.vecert.io

#CyberSecurity #RogersCommunications #Fido #Canada #DataBreach #Murad #InfoSec #CyberAlert #TelecomSecurity #SIMSwapping #DataPrivacy
🚨The ease of impersonating a customer and the difficulty of terminating a contract favor #SIMswapping crimes ⚠️We demand that the authorities comply with improving the contracting / termination regulations ordered by @CorteConstEcu in Aug 2025
Dr Henry Caliz | Penalista

#Ecuador 🚨New case of how easy it is to impersonate a customer to obtain a SIM and carry out #SIMswapping ⚠️We demand that the authorities comply with improving the service-contracting regulations ordered by @CorteConstEcu in Aug 2025
I wonder what will be the next big thing @KurtRustles 😁 these things are a 5-7 year cycle, 2015 - 2022 simswapping, 2022 - 202? for calling / SE, i believe something new will come, some1 just need to knock over the first domino
there's at least 17 minecraft kids who stole like 100m in crypto i stg
You got simswapped. Go to the carrier and file a report. It's actually not fat Egas's fault
And here is the person responsible for this: Martín Colonnese aka "Azthex", he already went to jail for simswapping, his lawyer dad got him released and now he sells bots with the data of all Argentinians. If your identity was stolen, it was Colonnese
YOUR DNI FOR LESS THAN 4 DOLLARS: TELEGRAM BOTS THAT AUCTION OFF DATA

Quick read
An investigation by the organization Derechos Digitales warns that Telegram bots and channels are selling the personal data of citizens in Latin America. In Argentina, sensitive information such as DNI, home addresses, financial histories or family data can be bought for less than 4 dollars, in an illegal market fed by leaks of public databases.

An automated illegal market
The report “Identidades en venta”, produced between 2024 and 2025, describes an automated ecosystem where data brokers sell information through bots that respond to queries immediately. Through digital payments, from cryptocurrencies to Mercado Pago, it is possible to access in seconds photos of the DNI, driver's licenses, home addresses, employment records or health data.

What information can be obtained
With simple commands, buyers can get a complete profile of the victim: personal data, location, scanned signatures, family ties and even credit history with debt amounts, financial score and the evolution of payment behavior. This information is usually used for crimes such as identity theft, scams or extortion.

Leaks and lack of data protection
The study links this market to massive leaks that occurred at State agencies, such as the exposures of databases from Renaper, driver's licenses or PAMI records. Specialists warn that these breaches reflect structural weaknesses in the protection of personal data and call for greater oversight, transparency and effective reporting mechanisms against the illegal dissemination of information.

Security in the hands of intelligence
The report also warns about the institutional impact of the problem and notes that moving cybersecurity policies under the SIDE introduces a factor of opacity that hinders democratic oversight and accountability. ( ) in Clarín: clar.in/4bLHCWD
SIM-swapping attacks are a growing threat where scammers hijack your phone number to gain access to personal accounts. They trick mobile carriers into transferring your number to a SIM card they control. This breach can lead to unauthorized access to your emails, bank accounts, and more, as two-factor authentication codes may be sent directly to the attacker. To protect yourself, avoid sharing personal info on social media, use app-based authentication over SMS, and monitor for unusual account activity. AnoSim offers a robust solution with anonymous SIM cards and eSIMs, ensuring your identity and data stay hidden from prying eyes. No-KYC means no personal data is ever required, fortifying your defense against such attacks. 💪 Explore AnoSim’s offerings for a safer digital experience: sim.anoncult.com #SIMSwapping #AnoSim
Fuck doxxing in Simswapping both of you. Love identity theft