Credentials from employees at more than 30 government institutions are being sold in cybercrime markets. In April 2026, several attacks took place using compromised credentials. This portal compiles research and findings on related events. We use OSINT tools and follow an analysis methodology that led us to build GovScan: a tool for journalists, coming soon.
The left column shows when the research team detected warning signals on intelligence platforms, without revealing details that could facilitate new attacks. The right column shows public events: attacker announcements, confirmed breaches, and institutional responses.
Five actors were indexed by intelligence platforms as responsible for operations against Guatemalan institutions. Data comes from open sources (OSINT). No details that could facilitate new attacks are published.
Each card presents all verified data about the incident: what the actor claims, what independent technical analysis confirms, the exposed data, and the official response. The distinction between confirmed and unconfirmed is central to this investigation.
These institutions have not been publicly attacked, but their credentials appear in intelligence records since June 2025. Prior exposure is the main risk factor: the same vectors used in confirmed breaches apply here.
Vector Crítico conducted two web security scans of the Guatemalan government with GovScan. The first scan was on April 14, 2026, days after the first attacks. The second, on May 3, 2026, shows which institutions improved their security and which remain the same or got worse.
Breaches do not happen by chance. They are the result of concrete decisions about how the systems that store citizens' data are protected. These are the most frequent failures we documented, explained without technical jargon.
All information on this site comes from open and verifiable sources. The glossary at the bottom of this section explains technical terms.
Technical terms used in this investigation, explained for any citizen without specialized knowledge.
Chronology of national and international press coverage of the crisis. Vector Crítico articles are linked directly.