Tekir APT Cyberattack Hits Guanajuato Attorney General’s Office - Mexico Business News

All Multimedia Expert Contributor Entrepreneurs Tech Talent Energy Oil & Gas Mining Health Automotive Aerospace Finance & Fintech Infrastructure Sustainability Professional Services E-Commerce & Retail Agribusiness & Food Logistics Mobility Trade & Investment Policy & Economy Cybersecurity AI, Cloud & Data Chemicals By MBN Staff | MBN staff - Thu, 11/13/2025 - 11:00 The Attorney General’s Office of the State of Guanajuato (FGEG) confirmed a cybersecurity incident following a ransomware attack attributed to the international group Tekir APT. The attackers claim to have exfiltrated more than 250GB of confidential information, including judicial files and internal databases. “The FGEG is conducting a preventive review of its security controls and a technical verification of the damages,” the institution says in an official communication, without confirming the authorship of the attack or the payment of any ransom. The incident occurred amid increasing cyber threats targeting public institutions in Mexico. According to the cybersecurity platform Hackmanac, Tekir APT allegedly encrypted all subdomains linked to the state, including those of the attorney general’s office, the police, and several municipal departments. This form of attack follows the “double extortion” model, combining encryption with the threat of public data release to pressure victims into payment. Tekir APT operates in over 49 countries and has been linked to attacks on government entities and financial institutions. The group uses advanced server encryption, data theft, and cryptocurrency-based extortion techniques. This would be its second recorded incident in Mexico, highlighting the rise in cyberattacks targeting justice and security infrastructure in Latin America. According to Verizon, Latin America experienced a 37% increase in ransomware attacks against government institutions over the last year. Mexico remains among the primary targets due to its rapid administrative digitalization and limited cyber defense capacity. The attack disrupted FGEG’s digital systems, causing partial shutdowns and operational delays. Internal sources reported that several departments are operating manually due to system inaccessibility, resulting in delays in victim assistance, document processing, and administrative procedures. Tekir APT released screenshots and access samples as evidence of the breach, stating that the stolen data will be published on Nov. 20, 2025, if an undisclosed ransom is not paid. The exfiltrated files reportedly include official identifications, internal communications, and classified judicial documents, posing potential risks to active investigations and personal privacy. In an internal memo, the FGEG instructed its personnel to immediately disconnect all devices from the institutional network “to prevent virus propagation,” confirming the infection of operational servers. Although the public statement avoids labeling the incident as “ransomware,” cybersecurity experts indicate that the technical indicators correspond to that category of attack. The FGEG has initiated coordination with national cybersecurity authorities for technical evaluation but has not confirmed whether the National Guard or the Ministry of Security and Citizen Protection (SSPC) will intervene. The institution has also not disclosed whether a criminal investigation has been opened. If verified, the exposure of 250GB of information could affect ongoing judicial proceedings, witness protection protocols, and the handling of digital evidence. The potential disclosure of personal data belonging to victims and government personnel could also represent a violation of Mexico’s General Law on the Protection of Personal Data Held by Obligated Subjects (LGPDPPSO). Photo by:   Unsplash TAGS: Tekir APT FGEG Attorney General’s Office Guanajuato Hackmanac Verizon Mexico Cybersecurity ransomware data breach cybercrime information security Government Institutions Public Sector Digital Infrastructure Data Protection Privacy cyber threats encryption Latin America National Guard SSPC LGPDPPSO Judicial Data cyber defense digitalization hacking threat intelligence YOU MAY LIKE Cybersecurity Becomes Strategic Priority for Mexican Companies Tekir APT Cyberattack Hits Guanajuato Attorney General’s Office MOST POPULAR Mobility AICM, Uber Clash as Airport Ride Enforcement Tightens Energy How the War in Iran Could Hit Mexico’s Energy Market Oil & Gas How PEMEX Can Bridge the Gap Between Investment and Production Oil & Gas PEMEX's Deer Park Posts Second Consecutive Annual Loss Trade & Investment New Port of Brownsville Refinery Project Announced Trade & Investment Mexico, United States Set March 16 Date for USMCA Review Talks Talent The Rise of Artificial Intelligence and the Value of Being Human Av. Paseo de la Reforma 180, piso 20, Col. Juárez, Cuahutémoc, 06600, Ciudad de México. Follow Us Our Categories Entrepreneurs Tech Talent Energy Oil & Gas Mining Health Automotive Aerospace More Finance & Fintech Infrastructure Sustainability Professional Services E-Commerce & Retail Agribusiness & Food Logistics Mobility Trade & Investment Policy & Economy Cybersecurity AI, Cloud & Data Chemicals © 2025 Mexicobusiness.News. A Mexico Business Company. All Rights Reserved. AddToAny More…