A threat actor claims to have compromised the internal networks of the Fiscalía General del Estado de Guanajuato (Attorney General’s Office of the State of Guanajuato) in Mexico. The breach reportedly occurred on November 8, 2025, affecting the main domain and several subdomains, including those associated with the municipality and police department institutions. The attacker alleges they gained access at the domain controller level, encrypted data, deleted backups, and disabled security products. The actor also claims that critical infrastructure, such as VEEAM backups and the Security Center, were located on the compromised domain and secured with weak administrative passwords.
According to the actor, over 250GB of data was exfiltrated, with a portion of it allegedly sold to a third party. The actor has released approximately 70GB of the remaining data as proof of the intrusion. The allegedly compromised data includes:
-
Criminal files held by the Chief Public Prosecutor’s Office
-
Personal data of officials
-
Municipality camera footage and surveillance snapshots
-
Internal communication logs
-
Complete SQL databases
-
Detailed information on internal organizational structure












