The Attorney General’s Office of the State of Guanajuato (FGEG) confirmed a cybersecurity incident following a ransomware attack attributed to the international group Tekir APT. The attackers claim to have exfiltrated more than 250GB of confidential information, including judicial files and internal databases.
“The FGEG is conducting a preventive review of its security controls and a technical verification of the damages,” the institution says in an official communication, without confirming the authorship of the attack or the payment of any ransom.
The incident occurred amid increasing cyber threats targeting public institutions in Mexico. According to the cybersecurity platform Hackmanac, Tekir APT allegedly encrypted all subdomains linked to the state, including those of the attorney general’s office, the police, and several municipal departments. This form of attack follows the “double extortion” model, combining encryption with the threat of public data release to pressure victims into payment.
Tekir APT operates in over 49 countries and has been linked to attacks on government entities and financial institutions. The group uses advanced server encryption, data theft, and cryptocurrency-based extortion techniques. This would be its second recorded incident in Mexico, highlighting the rise in cyberattacks targeting justice and security infrastructure in Latin America.
According to Verizon, Latin America experienced a 37% increase in ransomware attacks against governme
TPRM report: https://www.rankiteo.com/company/fiscalia-general-del-estado
{
  "id": "fis1764893540",
  "linkid": "fiscalia-general-del-estado",
  "type": "Ransomware",
  "date": "11/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': None,
                        'industry': 'Public Sector / Law '
                                    'Enforcement',
                        'location': 'Guanajuato, Mexico',
                        'name': 'Attorney General’s Office of the '
                                'State of Guanajuato (FGEG)',
                        'size': None,
                        'type': 'Government'}],
 'data_breach': {'data_encryption': 'Yes (server encryption)',
                 'data_exfiltration': 'Yes',
                 'file_types_exposed': None,
                 'number_of_records_exposed': None,
                 'personally_identifiable_information': None,
                 'sensitivity_of_data': 'High (confidential)',
                 'type_of_data_compromised': 'Judicial files, '
                                             'internal databases'},
 'description': 'The Attorney General’s Office of the State of '
                'Guanajuato (FGEG) confirmed a cybersecurity '
                'incident following a ransomware attack '
                'attributed to the international group Tekir APT. '
                'The attackers claim to have exfiltrated more '
                'than 250GB of confidential information, '
                'including judicial files and internal databases.',
 'impact': {'brand_reputation_impact': None,
            'conversion_rate_impact': None,
            'customer_complaints': None,
            'data_compromised': '250GB of confidential '
                                'information, including judicial '
                                'files and internal databases',
            'downtime': None,
            'financial_loss': None,
            'identity_theft_risk': None,
            'legal_liabilities': None,
            'operational_impact': None,
            'payment_information_risk': None,
            'revenue_loss': None,
            'systems_affected': 'All subdomains linked to the '
                                'state, including those of the '
                                'attorney general’s office, the '
                                'police, and several municipal '
                                'departments'},
 'initial_access_broker': {'backdoors_established': None,
                           'data_sold_on_dark_web': None,
                           'entry_point': None,
                           'high_value_targets': None,
                           'reconnaissance_period': None},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion (Double Extortion)',
 'post_incident_analysis': {'corrective_actions': None,
                            'root_causes': None},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': None,
                'ransom_paid': 'Not confirmed',
                'ransomware_strain': None},
 'references': [{'date_accessed': None,
                 'source': 'Hackmanac',
                 'url': None},
                {'date_accessed': None,
                 'source': 'Verizon',
                 'url': None}],
 'regulatory_compliance': {'fines_imposed': None,
                           'legal_actions': None,
                           'regulations_violated': None,
                           'regulatory_notifications': None},
 'response': {'adaptive_behavioral_waf': None,
              'communication_strategy': 'Official communication '
                                        'issued',
              'containment_measures': None,
              'enhanced_monitoring': None,
              'incident_response_plan_activated': 'Preventive '
                                                  'review of '
                                                  'security '
                                                  'controls and '
                                                  'technical '
                                                  'verification '
                                                  'of damages',
              'law_enforcement_notified': None,
              'network_segmentation': None,
              'on_demand_scrubbing_services': None,
              'recovery_measures': None,
              'remediation_measures': None,
              'third_party_assistance': None},
 'threat_actor': 'Tekir APT',
 'title': 'Ransomware Attack on Attorney General’s Office of the '
          'State of Guanajuato (FGEG)',
 'type': 'Ransomware'}