Incident

Mexican Attorney General's office hit by ransomware attack



The Attorney General's Office of the State of Guanajuato in Mexico has confirmed a ransomware attack claimed by the Tekir APT group. 

The ransomware attack began on Friday, November 8, 2025, when the digital infrastructure of the Fiscalía General del Estado de Guanajuato collapsed due to malicious encryption of the institution's servers. The attack rendered the entire network inoperable, forcing several departments to revert to manual operations. The disruption resulted in substantial delays in victim assistance services, document processing, and administrative procedures across the state. Employees received internal instructions to immediately disconnect all devices from the institutional network "to prevent virus propagation," explicitly confirming the infection of the organization's core operational servers.

The attack was publicly reported on Tuesday, November 11, 2025, when the cybersecurity monitoring platform Hackmanac published an alert on social media identifying Tekir APT as the responsible threat actor. 

The attackers claim to have stolen more than 250 gigabytes of judicial and law enforcement information. The stolen files reportedly include:

  • Official government identifications
  • Complete judicial case files and legal proceedings
  • Internal communications between prosecutors and law enforcement
  • Classified investigative documents
  • Personal information of crime victims spanning multiple years
  • Witness statements and testimony records
  • Confidential databases containing criminal intelligence

The group set a deadline of November 20, 2025, threatening to publish the entirety of the stolen data if a ransom is not paid.

The number of affected individuals is not disclosed. According to official statistics, between January 2020 and September 2025, the attorney general's office registered 146,996 cases containing sensitive victim data including names, dates, descriptions of criminal incidents, and detailed investigation information. 

Fiscalía General del Estado de Guanajuato stated only that the institution "is conducting a preventive review of its security controls and a technical verification of the damages".
