Overview
- The Sonora Treasury halted payments through its portal and participating banks and merchants while it verifies the integrity of financial systems.
- Chronus published roughly 40 GB of documents and databases from the treasury and publicly named the federal tax agency SAT as a potential next target.
- State authorities traced the extraction to a workstation in the Subsecretaría de Egresos, activated their incident-management plan, and filed a complaint with the state Fiscalía.
- Specialists say the attack combined exploitation of a vulnerability, ransomware, and data exfiltration, with stolen files released and access to compromised systems offered for sale.
- Analysts warn of identity-theft and fraud risks for citizens and public servants, noting earlier Chronus-linked leaks that exposed data on about 1,200 Hermosillo municipal police officers.