A threat actor has allegedly compromised the systems of Correos de Chile, the state-owned postal service of the country, and is now selling full access on a popular cybercrime forum. Correos de Chile is a critical entity, operating under the Ministry of Transport and Telecommunications, responsible for handling a significant volume of both national and international payments and postal services. The breach represents a major potential threat to the country’s infrastructure and the security of its citizens’ data.
The seller claims to have gained access to a core host that manages the company’s entire network access control via OpenAM. This level of access allegedly provides the buyer with full Remote Code Execution (RCE) capabilities, effectively handing over control of the compromised systems. The threat actor boasts that the access is deep, including credentials for various internal systems and the ability to deploy their own applications within the postal service’s network.
To substantiate their claims, the actor listed several types of sensitive data that have allegedly been exfiltrated from Correos de Chile’s network. The actor also claims to have cracked the passwords for 70 out of 120 employees. The data allegedly for sale includes:
- JDB files
- LDAP backups
- Audit logs
- Configuration files containing credentials (storepass, keypass, etc.)
- Tomcat credentials
- JDBC database credentials












