In an incident that highlights persistent vulnerabilities in cybersecurity infrastructure, the National Autonomous University of Mexico (UNAM) has been the target of a devastating cyber-attack. A cybercriminal calling himself “Lord Peña” has successfully infiltrated a UNAM server, specifically the Institute for Research in Applied Mathematics and Systems (IIMAS), extracting more than 2.3 million confidential files and emails. This attack not only endangers data privacy and security, but also sheds light on deficiencies in the cyber protection of one of the most important academic institutions in Mexico.
The cybercriminal, using the identification of “Lord Peña” and the image of former President Enrique Peña Nieto as his brand, exploited a vulnerability known as XXE to access the IIMAS server. This vulnerability allowed the attacker to extract nearly 1 TB of information, including sensitive data such as bank transfers, from Zimbra servers used by the university to manage emails and other files. The unauthorized access revealed more than two million files contained in 2,076 folders.
Additionally, the cybercriminal publicly exposed emails exchanged between IIMAS personnel, including confidential communications related to evidence of deposits and banking transactions.
The revelation of this security breach has raised concerns in the cybersecurity community. Experts such as Víctor Ruiz, founder of SILIKN, warn of the devastating consequences of not adequately addressing vulnerabilities in software like Zimbra. Ruiz highlights that the same software compromised in this attack was used by multiple government institutions in Mexico, posing a significant risk to data security across the country.
This incident underscores the critical importance of implementing initiative-taking security measures and maintaining Updated software systems to protect against cyber threats. Organizations, both public and private, should take immediate steps to review and strengthen their security protocols, including installing patches and updates provided by trusted software vendors like Zimbra. In an increasingly dangerous digital landscape, cybersecurity must be an absolute priority for all entities that manage sensitive data. UNAM and other institutions affected by this incident must take urgent measures to remediate the exposed vulnerabilities and restore confidence in the protection of their users’ information.
