New Hacking Group Known as Karamujo Official Claims Responsibility for 5 Hacks Across North & South America


Over the course of the last several days/weeks a new hacking group has been attracting my attention, which they now have. The group officially refers to themselves as “Karamujo” aka “#SST Stealers Team” and, at least on the surface, appears to have no discernible nationality amongst themselves – nor commonality between their targets. The group also has an extremely unique style when it comes to leaking information, the type of information they leak and the manner in which they leak it – all styles/techniques I have never seen assembled like this before, which also goes to tell you a little something about them.

Considering that I’ve never covered them before and Defcon Lab has already covered their other hacking campaigns last week, for the purposes of this article I would like to cover 5 of their most recent and highest profile attacks – targeting various institutions and organizations across North and South America.

Geographic Military Institute of Ecuador: hxxp://

[+] FTP:
[+] LEAK: (By @SSTowna)

Brasilian Institute of Geographic Statistics: hxxps://
[FILES]: (via @DebochadoSST)

City Hall of Rio de Janeiro: hxxp://

Virtual Library of The Constitutional Court of Ecuador: hxxp://

TeamGhost & AnonGhost Brasil Release Massive Leaks of Secretaria de Educação, Sistema Acadêmico & Secretaria de Estado de Pernambuco, Brasil

Once again, in news first brought to my attention via Defcon Lab, earlier this morning, February 16th 2019, two teams of international hackers going by “TeamGhost” and “AnonGhost Brasil” claimed joint responsibility for a string of hacks and leaks affecting different government agencies and educational institutions throughout Brasil. More specifically named in the leaks are the Secretary of Education and Academic Systems Site of Pernambuco, as well as the SIEPE systems of the Secretary of State of Pernambuco, Brasil.

Exposed within the breaches are the root login credentials needed to access the official online web portal of Pernambuco’s academic systems, along with various information on city educators, including their names, positions/titles, ID numbers – et cetera. The second leak, affecting the Secretary of State of Pernambuco, contains somewhat more sensitive information, such as the full names, email addresses and passwords of hundreds of employees affiliated with the Secretary’s office. While raw copies of the leaks have since been taken offline and the hackers have removed everything related to the hacks from their social platforms, they did manage to back up the leaks through screenshots of the compromised databases. You can access these images either through the links provided below or by browsing to the bottom of this article.



Leak Backup #1:
Leak Backup #2:

In a self-described manifesto attached to the hacks and leaks, TeamGhost Brasil stated:

People who don’t know their history are doomed to repeat it. Not only this, but they are also doomed to live a life and future without perspective, because the only way to gain knowledge is by extending yourself beyond your expectations. 

The absence of training for what it means to be a human imbibes people, leaves them imprisoned with a lack of even common sense, in the dogmatism of disconnected opinions, our collective individualism confused with egocentrism, in the easily corruptible consciousness of mankind, living in a corrupt and vain society. It’s the subject who doesn’t understand and lacks knowledge of the abstract, because he can only understand what is being taught to them. We learn from the programming on television, because our teachers communicate with us in childish terms. For those of us who want to apply ourselves we seek diplomas or certificates in hopes of achieving social success or political office, the two most viable paths for easy enrichment. But only those at the bottom expect change from those above, because the great secret to humanity is that humans need to be led, and to be led we first need to learn.

Sistema Acadêmico:


Sistema Siepe da Secretaria de Estado de Pernambuco:


Air Dominica & Costa Rican Travel Agency Hacked by KelvinSec Team, Vulnerabilities & Partial Databases Leaked Online

In news first brought to my attention via Defcon Lab this morning, February 16th 2019, an international hacking group known as “Kelvin Security” (KelvinSec Team) has claimed responsibility for a string of hacks and leaks affecting airlines across the Dominican Republic, Cuba and Slovakia. The hacks themselves appear to have been carried out on the morning of February 13th 2019, before ultimately being published online for the first time on the evening of February 14th. Additionally, while there wasn’t necessarily too much information contained within the leaks themselves, the information does appear to be legitimate – at least at this time.

In the leaks provided below, KelvinSec Team primarily targeted, an international travel booking agency operating out of Costa Rica, as well as Air Dominica, a national airline service flying to and from the Dominican Republic. While there was no motivation given for the attacks themselves, the hackers did leave behind a message in Belarusian reading “hacker is a person looking for information, gathering great people around the world, connecting to a network and scanning for vulnerabilities on their platforms” – perhaps indicating that the hackers are recruiting, and thus used the hacks/leaks as a means of getting publicity. While the initial reporting from Defcon Labs pointed to two other hacks and leaks affecting airlines in Slovakia and Cuba, also carried out by KelvinSec Team, Rogue Media Labs was unable to independently confirm or deny the authenticity of the incidents.

Contained within a leak pertaining to is a list of SQL vulnerabilities which can theoretically land you straight inside any one of the site’s databases, exposing information such as customer user names, passwords, birth names, emails and much more – theoretically granting you access over all the information these customers have entered onto the website about themselves, such as payment methods and history – et cetera. The hack/leak of Air Dominica was unique in the fact that so little information was contained within it. For example, the leak only contained information on 34 passengers, exposing information such as their full names, email addresses, passwords and country codes. Presumably though, this wouldn’t even be enough information to cover a single flight into or out of the country, so it remains unknown what the hackers’ motives were for posting the – or what they did with all of the information uncovered.

Target: Air Dominica

Target: hxxp://

Brasilian Ministério da Saúde Hacked by L1r4, 1,200 Dados Records Leaked Online by Sr.Alto

In news first brought to my attention via Defcon Lab, a member of the hacking group “HYS Team” going by the name of “L1R4” has claimed responsibility for a major data breach affecting the Brasilian Ministry of Health. Included in a leak first published to Ghostbin by another member of HYS Team going by the name “Sr. Alto,” the document contains approximately 1,200 records – including CNES, CPF / CNPJ, addresses, telephone contacts, banking details and much more.

Additionally, as was explained by Defcon Labs, “there is evidence to suggest that the volume of data accessed exceeds 45,000 records from that database.” Adding that other than taking the hacker at their word, “there is also no information indicating that SUS systems were at the origin of the data.” However, it is highly suspected that the hacker stole the data from various clinics, medical offices and hospitals across Brasil, all connected to the SUS’s online web portal. The hacker also failed to disclose how SUS systems were compromised in the first place.

Raw Leak:

Leak Backup – Browse Through Leak:


Officials Belonging To Brasilian Ministério da Defesa, Inteligência (Abin) & IT Firm Serpro Exposed by Data Breach

In news first brought to my attention via DefCon Lab last night, January 18th 2019, Brasil’s Ministry of Defense and national Intelligence agency (Abin) were victimized by a massive data breach, as was Brasilian-based IT firm Serpro – the country’s single largest Government IT service provider. The hack has been claimed in conjunction with something known as “Operation Copyright,” led by a hacker going by the name of “Sr.St0rm.”

As the report by Defcon Lab points out, “the data leak seem to be related to a much larger leak compiled from various leaks affecting public and private systems. Thus, the users and passwords disclosed in this leak would be a by-product of this first leak, gathering data from Abin, the Ministry of Defense and Serpro.” Adding that “The publication contains at least 351 credentials (user and password), some of which in clear others do not.” In the leaked data browse-able below, you can find access to the files and/or social accounts of 14 members of Brasilian National Intelligence and access to the files and/or social accounts of 50 members of Brasil’s Ministry of Defense. The leak also contains similar information on 285 members of Brasil’s Government, stolen through Serpro servers.

In a message attached to the leak, Sr. St0rm released the following:


Website: hxxps://
Raw Leak:


Browse Through Full Leak:


Corporación Universitaria Minuto de Dios In Bogotá Hacked, Student Database Contents Leaked Online

In news first brought to my attention via DefconLab earlier today, January 12th 2019, a hacking group by the name of “KelvinSecurity” (KelvinSecTeam) has announced a hack and data leak affecting the Corporación Universitaria Minuto de Dios (UniMinuto) in Bogotá, Colombia. In a leak posted to Pastebin, hackers released the school ID numbers, names and email addresses of hundreds of students, along with the names and email addresses of a little more than half a dozen school administrators. Investigating the leak further, the hackers also list the file folder names of 16 other data tables, including login information/credentials, school documents, department IDs and much more – indicating that hackers were able to gain administrator level access over the entire website.

While the group has traditionally been associated with Venezuela, today’s leak featured a message written in Belarusian, reading “KelvinSecurity is a person looking to gather information for talented people all around the work, connecting to networks exploiting their systems.” Historically, the group has been known to announce hacks in hopes of selling any data obtained from it online, though there is no indication the hackers are attempting to sell any data uncovered from Colombia today.

Website: hxxp://


Brasilian IT Firm Tivit Suffers from 2nd Round of Data Leaks

On December 12th 2018, in what would become my second most read article of all time, Rogue Media Lab featured a report covering the hack of Tivit, a Brasilian-based IT solutions and network storage provider. At the time, Defcon Labs, the original publisher behind the leaks, had reported that “the data seem to be internal process documentation of the company itself,” adding that it was “uncertain whether they were the product of an offensive action or published involuntarily by misunderstanding.” However, a later report published by ZDNet on December 14th went on to reveal that, according to Tivit representatives, “nine members of staff had suffered a phishing attack through an email that contained a malicious link” – thus allowing the hackers to gain access to company computers/servers to steal the data.

Today the company suffered from its second round of leaks, featuring new information not included in the December 12th leak. In a posting to Pastebin earlier this morning, unknown hackers allegedly posted access to 30 GB worth of data tied to password files and email archives of 10 Latin-American companies: Bradesco, CEF, Votorantim Energia, TecnicaZurick, Faber, Banco Original, CIP, Klabin and Acominas.

** EDITORS NOTE: The 9 additional downloads posted through have already been taken down in the +3 hours since the leaks were posted online, but all data hosted through AnonFiles is still live/active. **

Additionally, in statements to Rogue Media Labs, Aline Rodrigues, a corporate spokesperson representing TIVIT, wanted my readers to know that:

A TIVIT comunica que as informações publicadas na data de hoje, 08.01.2019, são provenientes do mesmo incidente de segurança ocorrido e noticiado em dezembro de 2018. Trata-se, portanto, apenas de uma publicação de informações relacionadas ao incidente anterior. Os clientes envolvidos já foram notificados e as ações cabíveis foram tomadas em comum acordo com eles. Reforçamos que não houve nenhum tipo de invasão aos data centers da empresa, das redes de acesso da TIVIT ou de nossos clientes.

Translation for English Readers:

“TIVIT announces that the information published on today’s date, 08.01.2019, comes from the same security incident that occurred and was reported in December 2018. It is therefore only a publication of information related to the previous incident. The clients involved have already been notified and the appropriate actions have been taken in agreement with them. We reinforce that there was no invasion of the company’s data centers, TIVIT access networks or our customers.”

Leak 2 | January 8th 2019

Raw Leak (8,313 Lines):

Leaked Files/Databases:

Download 1 (1.68MB):
Download 2 (44 B):
Download 3 (350 B):
Download 4 (1.04 MB):
Download 5 (28 B):
Download 6 (214.91 KB):
Download 7 (392.86 KB):
Download 8 (1.05 MB):
Download 9 (1.32 MB):
Download 10 (31.57 KB):
Download 11 (11.7 KB):
Download 12 (34.43 KB):
Download 13 (220.74 KB):
Download 14 (391.12 KB):
Download 15 (197.95):
Download 16 (466.8 B):

All files

4,4G 27 Dez 10:39 NG
4,4G 27 Dez 10:44 NG
428M 27 Dez 10:44 NG
2,8G 21 Dez 16:30
736M 1 Out 00:15
700M 29 Set 19:36
6,3G 21 Dez 16:39

Leak 1 |December 11, 2018:

Raw Client Credentials Leak:
Database File Download 1 (18.31 MB):
Database File Download 2 (617.68 KB):
Database File Download 3 (266.83 KB):
Email Database Download (149.69 MB):

Ecuadorian Burger King Databases Hacked by Take Down Root, +155,000 Clients Affected

In news first brought to my attention via Defcon Lab, a hacking group going by the name of “Take Down Root” has claimed responsibility for a massive hack of Burger King, affecting franchise chains throughout the country of Ecuador. In a posting on, an underground social media aggregator similar in many ways to Facebook, the group announced that they have successfully hacked the data of well over 150,000 clients belonging to the fast food chain’s online web portals.

According to the hackers, they managed to steal approximately 4.1 Gigabytes (GB) of data attached to a MongoDB web server hosted by in Scottsdale, Arizona – apparently where the franchise chose to host their data. All told, approximately 155,645 customers throughout Ecuador were affected, revealing information such as their unique identification numbers, full names, passwords and email addresses.

While the hackers declined to publicly release the data of each and every client affected, they did release screenshots from their activity whilst inside the database, as well as a small sample of 1,000 clients through the Pastebin web service.

Server IP:
Data Leak of 1,000 Clients:

Screen Shot from Inside Database:


Akatsuki Gang Announces Hack of Brasil’s Ministry of Finance, Leaking Location of Site Exploits & Databases Online

In a posting released on Twitter December 20th 2018, the “Akatsuki Gang” announced a hack of Brasil’s Ministry of Finance, managing to leak sensitive information tied to the site’s back end, inner workings and databases online. Analyzing the attack, it appears as though the Akatsuki Gang exploited an SQL vulnerability attached to the landing page of – gaining remote access to a MySQL database containing PHP version 7.2.10 files hosted on a Microsoft-IIS 10.0 web server.

While the leak contains approximately 6,345 lines, most of the data is mirrored locations of various folders, files and databases contained on the site’s web page – only browse-able should you gain physical access to the website yourself. With that said however, there is some interesting/valuable material contained within the information dumped online, such as a full list of all the site’s DNS records, the IP addresses and destinations of all the site’s sub-domains, the website’s IP, Network and Netmask addresses, as well as the site’s back end login page – which isn’t currently protected against brute force attacks.

In a message attached to the hack/leak, the Akatsuki Gang released a full list of its members, explaining that “We Are: SNM Anops &&& D3coder &&& Knushh &&& SpySec &&& L0ster &&& CooldGirl &&& Satuur.” Also leaving behind a dark/ominous message stating “Can you take revenge on evil without becoming a part of it? I do not live to please you, when I make choices I’m prepared to face the consequences myself. Otaku is good, it’s just Otaku being himself.” According to a separate press release on Twitter, the Akatsuki Gang announced that they will be targeting Brasil’s Ministry of Agriculture, Livestock and Farming next.

Website Affected: hxxp://
Location of Vulnerability: hxxp://
Raw Leak:

This is the first time I have covered the Akatsuki Gang for Rogue Media Labs, but the group has been extremely active throughout the latter half of 2018. For example, over the course of the last 3 months alone, the group has hacked websites and databases belonging to the Military Police of Piaui, Military Police of the State of Goiás, Civil Police of Rio de Janeiro, Federal University of Rio de Janeiro, Brasilian Party of Women and municipalities of the states of Natal, Minas Gerais, Pernambuco, Santa Catarina and São Paulo, as well as pages of USP and the Courts of Justice of Espírito Santo (TJES) and Santa Catarina (TJSC).

Read More About The Group’s Activities Here:

Brasilian Based Cloud Storage & IT Solutions Firm Tivit Compromised by Massive Data Breach

In news first brought to my attention via Defcon Lab on December 12th 2018, various databases and cloud storage servers belonging to Tivit, a Brasilian-based IT solutions and network storage provider, were hacked/compromised by unnamed assailants. In a series of leaks across Twitter over a 5 day time period, between December 7th-12th 2018, the login user names and credentials to more than a dozen Tivit cloud storage clients/accounts were dumped online. At the present moment in time no one has claimed responsibility for the hack, and it appears as though the Twitter handle used to leak the information online (@infoleakbr) was created earlier this month exclusively for this very purpose.

About the incident in question, as was explained by Defcon Labs, “São quase mil linhas de código que aparentam conter rotinas internas da empresa, além de credenciais de acesso de diferentes clientes empresariais de grande porte.” Adding that “Os dados parecem ser documentação de processo interna da própria empresa, sendo incerto se foram produto de uma ação ofensiva ou publicados involuntariamente por equívoco.” You can view all the leaks in their entirety below.


About the incident in question, as was explained by Defcon Labs, “there are almost a thousand lines of code that appear to contain internal company routines, as well as access credentials of different large enterprise customers.” Adding that “The data seem to be internal process documentation of the company itself, and it is uncertain whether they were the product of an offensive action or published involuntarily by misunderstanding.” You can view all the leaks in their entirety below.

Identifiable Clients Exposed By The Breach:

CIP – hxxps://
JMACEDO – hxxp://
MULTIPLAN – hxxp://
BRASKEM – hxxps://
FABER – hxxp://
SAE – hxxp://
MITSUI – hxxps://
ZURICH – hxxps://
KLABIN – hxxps://
VOTORANTIM – hxxp://
SEBRAE – hxxp://

Raw Client Credentials Leak:
Database File Download 1 (18.31 MB):
Database File Download 2 (617.68 KB):
Database File Download 3 (266.83 KB):
Email Database Download (149.69 MB):

Paraná Escola Estadual Presidente Kennedy Hacked by Abkhazyan

In news first brought to my attention via Defcon Lab, a Portuguese hacking news platform operating out of Brasil, on December 6th 2018 a hacker going by the name of “Abkhazyan” managed to hack the website of President Kennedy State College in Paraná, Brasil and root its servers. While no explanation or motive behind the attack was given, Abkhazyan did label the hack #OpZyklon-B, though no one is quite sure what that means either.

Website Affected: hxxp://
Raw Data Leak:


Bank Records of Tapiratiba Municipal Town Hall Hacked, Access To 32GB of Data Leaked Online

In news first brought to my attention via Defcon Lab yesterday, December 3rd 2018, two hackers going by the names of “AZR3L” and “Dz3rj1nsky” have announced a major hack/leak tied to the Banco de Dados da Prefeitura Municipal de Tapiratiba in Brasil. While the hackers did not disclose everything they’ve uncovered in their initial press release, they did explain that the information provided below contains approximately 32 GB of data, including “financial statements, employee records, federal revenue service, boxes, plans, and hundreds of other documents” tied to town hall officials. The hackers also explained that because of the sheer size and volume of the files contained within the leak itself, it would’ve been too much for them to release at once or host locally themselves. So rather, the hackers decided to leak the file location and credentials necessary for readers to browse through it online, or download directly for themselves. Additionally, to verify the authenticity of the leaks, Arz3L and Dz3rj1nsky have released several screenshots of the leaked material contained within the file on social media.

Full Raw Leak:
File for Download:
Filename: z.rar

Site IP:
Username: w00ted
Password: 1234@w00t