
Argentinian Government’s Trust in Blockchain Used Against Them

In 2016, Argentina’s government enacted legislation that made digital transmissions of its Boletín Oficial, or Official Gazette, legally valid, based on its trust in the blockchain technology used to authenticate those transmissions. That trust was exploited when attackers compromised a recent edition and published fake guidelines for government agencies dealing with the COVID-19 outbreak. Many details of the attack are being withheld, and the government is currently stating only that “hackers have managed to exploit a vulnerability in the system.” What has been made public is that the attackers tampered with one edition of the Gazette and changed the guidelines it contained; the changed guidelines were then adopted by employees at all of the recipient agencies. Hours after the Gazette was published and transmitted, the government noticed the edits and removed the bulletin.

Analyst Notes

While blockchain technology makes it easier to transmit data through trusted channels, it is dangerous to place too much trust in any one system. Such a high level of trust in a publication makes it a very tempting target for those wishing to cause harm or confusion. Many people throughout the world are desperate for information and will be quick to believe information sent out through trusted sources, especially when it involves the COVID-19 pandemic. A single point of trust for vital information is dangerous, not just at a government level but for businesses as well. This exploitation is not too dissimilar from instances where attackers use spoofed emails to trick finance departments into sending large amounts of money to attacker-controlled accounts. Modes of transmitting vital information, whether legal guidelines or wire transfer requests, need not only strong security measures but also a secondary means of validation. Blockchain technology, in theory, should be able to authenticate information and transactions, but if there is an error in the implementation, that trust can be rendered useless. More information on this incident can be found at: