Skull1172 Hits Colombian Government Sites on Election Day

Events tracked: 137
Critical exposure: 76

Summary

Today's claims clustered hard on government. A single actor's broad assault on one Latin American state's institutions coincided with its presidential vote, while public-sector bodies across Southeast Asia drew a parallel wave. Whether for hacktivist signaling, extortion leverage or simple opportunism, citizen-data systems held by governments have become the soft target of choice -- and set-piece political events visibly concentrate that risk.

Today's developments

The day's most concentrated campaign struck Colombia as it voted. An actor operating as Skull1172 claimed breaches of more than a dozen Colombian state bodies, among them the education-testing agency ICFES, the pension administrator Colpensiones, the Fiscalia General prosecutor's office, the National Police, Migracion Colombia, the National Civil Registry, the statistics department DANE and the mayor's office of Medellin. Separately, an actor calling itself Hydr0gen claimed a breach of Colombia's National Electoral Council -- the very body overseeing the election under way.

Southeast Asian governments drew a second wave. Actors including CYBER DARK ECHO, SCTH and Mrsawit claimed leaks from Indonesian institutions ranging from the Supreme Court (Mahkamah Agung) and the ministries of Religious Affairs and Human Rights to several regency-level administrations, while in Thailand the actor NIKK BOSS claimed intrusions at a state school and the Royal College of Surgeons of Thailand.

Western and corporate targets featured too. An actor using the handle The BlackH4t MD-Ghost claimed data from Salesforce and, separately, from WhatsApp and Iraq's trade ministry; others claimed breaches of the US cable operator Charter Communications, the vehicle-auction firm Copart, the dating services Bumble and Social Catfish, and the Saudi-based Dallah Hospital. The pro-Palestinian actor Handala Hack claimed an Israeli non-profit serving Holocaust survivors as a victim.

On the disruption side, the pro-Russian group NoName057(16) and the hacktivist crews Dark Storm Team and CYBER DARK ECHO logged the bulk of the day's denial-of-service claims. External reporting was sparse, but Dutch authorities said they had dismantled a botnet linked to some 17 million infected devices.

Threat landscape signals

Of 137 tracked events, 76 were data-breach or leak claims, and government administration alone accounted for 43 -- a decisive tilt toward public-sector data over corporate extortion. The geography tracked political flashpoints: the United States drew the most claims, but Colombia, Indonesia and Thailand together far outweighed it, with Colombia's surge tied directly to its election. Actor concentration was stark, with a single handle responsible for the entire Colombian government cluster.

For defenders, the signal is timing and exposure. Election cycles and other set-piece political events draw breach and leak activity toward state institutions, whose citizen-data holdings make any single intrusion high-impact. Public-sector bodies in Latin America and Southeast Asia, often working with thinner security budgets, remain the most exposed -- and the registry, electoral and identity systems hit today are precisely the data classes that enable downstream fraud.

All incidents are reported as alleged claims by threat actors and have not been independently verified by GrayscaleInsight.

Threat intelligence is reported for security awareness purposes only and does not constitute endorsement of any actor, group, or activity.
