Analysis: Mexico data hack exposes government cybersecurity vulnerability

MEXICO CITY, Sept 30 - A major hack into classified government information in Mexico, including thousands of emails from the armed forces, exposed the country's vulnerability to cyberattacks due to under-investment and poor technological preparedness, experts said on Friday.

President Andres Manuel Lopez Obrador confirmed on Friday the Defense Ministry had suffered a hack that revealed details about his heart condition - a form of angina - as well as information on criminal figures, transcripts of communications, and the monitoring of the U.S. ambassador to Mexico.

A group called "Guacamaya" - or "macaw" in Spanish - claimed responsibility for the hack and said on its website it had accessed six terabytes of data.

The size of the hack suggested prior planning, said Francisco Solano, an executive at IT services and consulting firm Logicalis.

"This did not happen by chance," he said.

According to Solano and other analysts consulted by Reuters, the vulnerability exploited by the hackers stemmed from a weakness in a Microsoft server, known as ProxyShell, that was detected last year.

Although solutions to fix the problem were available, the government needed to carry out updates to implement them.

"You have the antidote, but nobody to apply it," Solano said, adding that there appeared to be a lack of resources to resolve the issue.

Microsoft did not immediately respond to an emailed request for comment.

On Friday, at his daily news conference, Lopez Obrador said that hackers had exploited a change in the military's IT systems, without giving further details.

The armed forces did not respond to a request for comment.

Governments worldwide have been increasingly targeted by aggressive cyber crime in recent years and have been forced to increase investment and focus on cybersecurity.

In Latin America, Mexico ranks as the country most targeted by cyberattacks in public and private sectors combined, several studies have shown.

Mexican oil company Pemex, the National Lottery and the National Transparency Platform have been hit by cyberattacks in recent years.

Although Mexico's government has steadily devoted more resources to cybersecurity, the investment is not enough compared to what is needed to ward off attacks, experts said.

Hackers would have needed up to three days to copy the information, said Adolfo Grego, a forensic specialist, also raising questions over why the government did not act sooner.

Reporting by Diego Oré; Editing by Muralikumar Anantharaman
