Uruguay Cyber Incidents: Justice, Media, and Hacking Narratives

Uruguay presents a complex cybersecurity landscape, showcasing a paradoxical situation where its high regional standing in cybersecurity maturity coexists with a significant surge in detected cyber incidents and notable discrepancies in the public narratives surrounding these attacks. This "cybersecurity trust deficit" is further exacerbated by the gaps between official and media portrayals of incidents versus the explanations offered by hackers like "gov.eth".Uruguay's Cybersecurity Position and the Apparent Paradox: Uruguay has achieved a strong position in global cybersecurity benchmarks, ranking as the second-best in Latin America in the 2024 Global Cybersecurity Index (GCI) with an overall score of 18.93 out of 20, just behind Brazil. This high ranking reflects its strengths in areas such as Technical Measures (perfect 20/20 score), indicating advanced infrastructure, a national Computer Security Incident Response Team (CERTuy), and incident response readiness. It also excels in Organizational Measures (19.13), demonstrating a robust national strategy and coordination, and Capacity Development (19.45), showing commitment to training and awareness.However, this strong posture seemingly contradicts the alarming increase in cyber incidents. In 2024, CERTuy, managed by AGESIC, reported 14,264 cyber incidents, nearly tripling the 4,968 aggressions in 2023. This represents a 65% increase from 2023. While this volume appears concerning, official sources, including AGESIC Director Hebert Paguas, attribute this surge not solely to a worsening threat environment but also, critically, to Uruguay's improved detection capabilities, better tools, and methodologies. The establishment of a 24/7 Security Operations Center (SOC) in 2016 and continuous enhancements have provided a more sensitive sensor grid, allowing the nation to detect and catalog a vast number of low-level attacks previously unseen. Thus, the high incident count paradoxically indicates a "visibility dividend" and institutional maturity.Despite improved detection, the landscape is genuinely heightened, with incidents ranging from phishing and unauthorized access to malware installations and proactive breaches. Only 0.48% of the 14,264 incidents in 2024 were classified as "high" or "very high" severity, but these critical events carry a disproportionately large financial impact, with an average immediate mitigation cost of USD $75,000 per incident. This figure, however, represents only the immediate containment and excludes long-term recovery, reputational damage, and business interruption costs, which international analyses show can be much larger.Recent Hacks and Narrative Gaps: The period between 2024 and 2025 witnessed several significant cyberattacks against Uruguayan government entities, which created distinct conflicting narratives between official reports, media coverage, and the hackers themselves.1. Hacker's Perspective (Gob Athereum/Alberto Daniel Hill): A prominent hacker using the alias "Gob Athereum" claimed responsibility for some defacement incidents, offering a perspective that sharply contrasted with official accounts.•

ALBERTO DANIEL HILL

https://x.com/ADanielHill

https://linktr.ee/adanielhill