Mexico City Superior Court of Justice Reportedly Breached
The Superior Court of Justice of Mexico City has become the latest target of a significant cyberattack. This breach is said to have exposed a massive database containing sensitive information on over 300,000 accounts, including hashed passwords and judicial records from 2017 to 2024. The data, now being sold on the dark web, is raising alarms over potential identity theft, financial fraud, and unauthorized access to the judicial system. The threat actor allegedly behind the attack is known as “PanchoVilla” and is reportedly linked to the hacker organization known as the Mexican Mafia.
The database has reportedly been made available on a dark web forum with a price tag of $1,000. For $5,000, the offer allegedly includes additional capabilities that might enable unauthorized access to the court’s virtual infrastructure, such as remote code execution and an ESXi exploit.
This situation is further complicated by a recently disclosed VMware ESXi vulnerability, CVE-2024-37085.
This flaw allows attackers to gain full administrative access to ESXi hypervisors through a weakness in the hypervisor’s Active Directory integration, which ransomware groups have exploited to deploy ransomware such as Black Basta.
We have seen cyber threats become increasingly sophisticated, posing significant risks to critical institutions. The recent breach of the Superior Court of Justice of Mexico City, following other alarming incidents involving SEDENA and PEMEX, raises serious national security concerns.
Jorge Sebastian
Cybersecurity Consultant
Despite the severity of the claims, there has been no official confirmation from Mexican authorities regarding the breach. The Superior Court of Justice of Mexico City has not released any public statements addressing the incident. The threat actor’s decision to include samples from the alleged data breach lends some credibility to the claims, but they cannot be verified without further investigation.
The CVE-2024-37085 vulnerability has been actively targeted by ransomware groups such as Storm-0506, which exploit the flaw to gain administrative privileges and encrypt virtual machines hosted on ESXi hypervisors. Microsoft and VMware have issued advisories urging organizations to apply the latest patches and recommended configurations to mitigate these risks.
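The two paragraphs above describe the ESXi Active Directory weakness and the advice to apply patches and recommended configurations. The following script is an added example written for this article; it is not code from the article, from VMware or from Microsoft. It performs two defender-side checks: an audit of the ESXi advanced settings that control the Active Directory group-to-administrator mapping (`Config.HostAgent.plugins.hostsvc.esxAdminsGroup` and `Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd`, which are real ESXi settings), and a scan of Windows Security event records for creation, change or membership additions of that group (the event IDs are real Windows Security IDs). The record layout, the sample events, the host settings and the hardened group name are all constructed for the example; matching the group name case-insensitively is a conservative choice of this example, not a documented property of ESXi.

```python
"""Defender-side checks related to CVE-2024-37085 (ESXi AD admin-group mapping).

Added example, not code from the article or from VMware/Microsoft.
  1. audit_esxi_settings(): flags ESXi advanced settings that still map a
     default-named Active Directory group to full administrator rights.
  2. find_suspicious_group_events(): scans (constructed) Windows Security
     event records for lifecycle and membership changes of that group.
"""

# Real ESXi advanced settings that control the AD-group-to-admin mapping.
ESX_ADMINS_GROUP_KEY = "Config.HostAgent.plugins.hostsvc.esxAdminsGroup"
ESX_ADMINS_AUTOADD_KEY = "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd"
DEFAULT_GROUP_NAME = "ESX Admins"  # ESXi default value for esxAdminsGroup

# Real Windows Security event IDs (global / local / universal security groups).
GROUP_CREATED = {4727, 4731, 4754}   # security-enabled group was created
GROUP_CHANGED = {4737, 4735, 4755}   # security-enabled group was changed (incl. rename)
MEMBER_ADDED = {4728, 4732, 4756}    # member added to security-enabled group


def audit_esxi_settings(settings: dict) -> list[str]:
    """Return findings for a host's advanced settings (dict of key -> value).

    Missing keys are treated as the ESXi defaults (auto-add on, default name),
    which is the risky state the advisories warn about.
    """
    findings = []
    auto_add = str(settings.get(ESX_ADMINS_AUTOADD_KEY, "true")).strip().lower()
    group = str(settings.get(ESX_ADMINS_GROUP_KEY, DEFAULT_GROUP_NAME)).strip()
    if auto_add == "true":
        findings.append(
            f"{ESX_ADMINS_AUTOADD_KEY} is true: members of the AD group "
            f"'{group}' are automatically granted full admin rights"
        )
    if group.lower() == DEFAULT_GROUP_NAME.lower():
        findings.append(
            f"{ESX_ADMINS_GROUP_KEY} still uses the default name "
            f"'{DEFAULT_GROUP_NAME}'"
        )
    return findings


def find_suspicious_group_events(events: list[dict],
                                 watched_group: str = DEFAULT_GROUP_NAME) -> list[tuple]:
    """Return (event_id, description, subject) for events touching watched_group.

    Constructed record layout: event_id, group_name (for change events, the
    name after the change), subject (who performed the action), member.
    Name comparison is case-insensitive by choice of this example.
    """
    watched = watched_group.strip().lower()
    hits = []
    for ev in events:
        if str(ev.get("group_name", "")).strip().lower() != watched:
            continue
        eid = ev["event_id"]
        if eid in GROUP_CREATED:
            hits.append((eid, "group created", ev.get("subject")))
        elif eid in GROUP_CHANGED:
            hits.append((eid, "group changed or renamed", ev.get("subject")))
        elif eid in MEMBER_ADDED:
            hits.append((eid, f"member added: {ev.get('member')}", ev.get("subject")))
    return hits


# Constructed sample data for the example.
DEFAULT_HOST = {ESX_ADMINS_GROUP_KEY: "ESX Admins", ESX_ADMINS_AUTOADD_KEY: "true"}
HARDENED_HOST = {ESX_ADMINS_GROUP_KEY: "vmware-hv-admins-7f3a",  # placeholder name
                 ESX_ADMINS_AUTOADD_KEY: "false"}

SAMPLE_EVENTS = [
    {"event_id": 4727, "group_name": "ESX Admins", "subject": "CORP\\jdoe", "member": None},
    {"event_id": 4728, "group_name": "ESX Admins", "subject": "CORP\\jdoe", "member": "CORP\\jdoe"},
    {"event_id": 4728, "group_name": "Helpdesk", "subject": "CORP\\admin1", "member": "CORP\\newhire"},
    {"event_id": 4737, "group_name": "esx admins", "subject": "CORP\\svc_ops", "member": None},
    {"event_id": 4624, "group_name": "", "subject": "CORP\\jdoe", "member": None},
]

if __name__ == "__main__":
    for label, host in (("default host", DEFAULT_HOST), ("hardened host", HARDENED_HOST)):
        print(f"{label}: {audit_esxi_settings(host) or ['no findings']}")
    for eid, what, who in find_suspicious_group_events(SAMPLE_EVENTS):
        print(f"event {eid}: {what} (by {who})")
```

In practice the settings dict would come from each host's advanced configuration and the events from a SIEM or domain controller export; the point of the example is that the configuration audit and the log scan should be run together, because a hardened group name is only useful if the monitoring watches the same name.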