{ "id": "dfab6ec7-5540-4ad6-864a-a174e92252c8", "created_at": "2026-04-06T00:10:05.337838Z", "updated_at": "2026-04-10T13:12:44.572977Z", "deleted_at": null, "sha1_hash": "391ee638c6e69816de1cbacd4bf2731b1a444da8", "title": "KelvinSecurity Group Sells 13GB on Mexican Party Morena", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 235341, "plain_text": "KelvinSecurity Group Sells 13GB on Mexican Party Morena\r\nBy By Miklos Zoltan . 2 September 2023 Founder - Privacy Affairs\r\nPublished: 2023-09-02 · Archived: 2026-04-05 14:58:09 UTC\r\nKelvinSecurity Hacking Group Sells 13GB of Files on Mexican Political Party\r\nMorena\r\nHacking group KelvinSecurity is currently claiming to possess and sell 13GB of data and information about the\r\nMexican political party MORENA. They made the announcement on their forum and on the Dark Web.\r\nHighlights\r\nKelvinSecurity is selling information about MORENA from 2016 to 2023\r\nThe files include information about militants, party members, financial managers, and campaign financing\r\nIt is to be expected that KelvinSecurity will sell this 13GB informational package on the Dark Web, as they\r\nusually do\r\nMORENA has issued no statement about the informational leakage yet\r\nKelvinSecurity, a well-known hacking group, has announced that they’ve gotten their hands on 13GB worth of\r\nprivate information about MORENA.\r\nhttps://www.privacyaffairs.com/kelvinsecurity-hacking-group-morena/\r\nPage 1 of 3\n\nhttps://twitter.com/FalconFeedsio/status/1636381186623934472\r\nThe National Regeneration Movement, as most will know it, is the political party of the current president of\r\nMexico. KelvinSecurity claims it possesses information about the party’s financial managers, members, militants,\r\nand financial data.\r\nThe hacking group is known to target both national and international platforms. They don’t appear to be\r\npolitically-driven nor do they target anyone specifically. This makes it harder for authorities to foresee future\r\nattacks.\r\nPrevious Attacks by KelvinSecurity\r\nhttps://www.privacyaffairs.com/kelvinsecurity-hacking-group-morena/\r\nPage 2 of 3\n\nKelvinSecurity is a notorious data seller on the Dark Web. They provide valuable data to cybercriminals and\r\nhackers alike. They’re data brokers, simply put.\r\nThey’re best known for attacking Vodafone Italy, and the German Institute of Global and Area Studies (GIGA).\r\nFrom the latter, they’ve stolen Drupal databases and SQL, up to 1GB of confidential data about the staff and\r\nemployees of the educational institution.\r\nThey’ve also attempted to sell information about the Ecuador Armed Forces in one of the biggest data breaches in\r\nrecent times. They leaked information about the external and internal defenses, war strategies, soldiers, and secret\r\ndocuments.\r\nAs a data broker and informer, KelvinSecurity is often responsible for providing initial access to cybercriminals to\r\nhigh-value targets. They help them exploit vulnerabilities and gain unauthorized access to various systems.\r\nThe group has already established itself as a valuable information broker for the Dark Web. They generally don’t\r\nengage in full-fledged attacks but instead facilitate these breaches to other, more active groups.\r\nThere also doesn’t seem to be a pattern to their attacks. At one time, KelvinSecurity exposed the BMW customer\r\ndatabase and the Frost \u0026 Sullivan databases.\r\nThey hail themselves as business intelligence contractors but their history is clouded in less legal activities. As\r\nwith the MORENA data sell-out, it seems they’re not afraid to stoop low to achieve their goals.\r\nFounder \u0026 CEO Privacy Affairs\r\nMiklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and\r\ndata privacy having worked with international teams for more than 10 years in projects involving penetration\r\ntesting, network security and cryptography.\r\nMiklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences\r\nby translating tech-heavy and \"geeky\" topics into easy-to-understand guides and tutorials.\r\nSource: https://www.privacyaffairs.com/kelvinsecurity-hacking-group-morena/\r\nhttps://www.privacyaffairs.com/kelvinsecurity-hacking-group-morena/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://www.privacyaffairs.com/kelvinsecurity-hacking-group-morena/" ], "report_names": [ "kelvinsecurity-hacking-group-morena" ], "threat_actors": [ { "id": "63f532e6-4b4a-4f17-bbff-8517f0dd1868", "created_at": "2024-01-09T02:00:04.192588Z", "updated_at": "2026-04-10T02:00:03.507424Z", "deleted_at": null, "main_name": "KelvinSecurity", "aliases": [], "source_name": "MISPGALAXY:KelvinSecurity", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434205, "ts_updated_at": 1775826764, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/391ee638c6e69816de1cbacd4bf2731b1a444da8.pdf", "text": "https://archive.orkl.eu/391ee638c6e69816de1cbacd4bf2731b1a444da8.txt", "img": "https://archive.orkl.eu/391ee638c6e69816de1cbacd4bf2731b1a444da8.jpg" } }