Gunra Ransomware Group Breaches Colombian Military Court, Data Exposed
Thousands of documents allegedly belonging to Colombia’s Military Criminal Justice system are currently exposed online through a publicly accessible URL.
The data appears to have been stolen from the institution’s IT infrastructure following a ransomware attack attributed to a group known as Gunra. The breach came to light after Gunra listed the entity as a new victim on its leak site, where the stolen data was reportedly published due to non-payment of the ransom demand—an established practice of the group.
MuchoHacker.lol located the .Onion URL where the documents are hosted and verified both the existence and the massive volume of published information. The quantity of exposed data is so large that it is currently impossible to determine whether any of it includes classified or restricted documents.
According to Law 522 of 1999, which governs Military Criminal Justice in Colombia, the court is required to maintain confidentiality at various stages of its proceedings. However, Article 202 of the same law states that military criminal trials are, “in principle, public.”
Given this context and the overwhelming volume of documentation—amounting to 45 terabytes—MuchoHacker.lol cannot confirm that all the information is confidential. Nevertheless, it is highly likely that the dataset includes sensitive material that should not be publicly accessible.
What Was Exposed
MuchoHacker.lol recognizes the severe implications of having potentially classified data online, particularly when it concerns judicial cases involving members of the armed forces.
In light of the situation, our team accessed the online source to verify its existence. No data was downloaded onto any device during the verification process. Only random checks were conducted for journalistic purposes.
The stolen information is organized into five primary folders:
1. Internal Documents
This folder contains 129 subfolders of administrative and internal records. One of these folders, titled Cybersecurity, was last modified on June 16, 2025, suggesting ongoing activity.
Among the contents are complete contracting processes, including technical documentation. One notable file is a contract titled:
“Update and Expansion of the Information Security and Privacy Model of the Special Administrative Unit for Military and Police Criminal Justice.”
This folder also includes Confidentiality Agreements signed by civilian employees, alongside personal and sensitive data.
2. Internal Employee Data 1
This section contains 434 folders, seemingly tied to personnel using emails under the domain @JusticiaMilitar.gov.co. Some documents appear to be directly related to ongoing judicial proceedings.
3. Employee Data 2
This folder holds 304 folders linked to entities and individuals who utilize the institution’s IT infrastructure. Among them is the email address [email protected].
4 & 5. Additional Employee Data
The final two folders collectively contain 222 subfolders, which appear to include internal documentation and organizational data related to additional staff members.
Due to limited institutional support and legal infrastructure, MuchoHacker.lol has chosen not to publish any concrete data from the leak, despite its clear journalistic value.
From a digital investigative journalism standpoint, this breach is as serious—or possibly more serious—than the cyberattack that previously targeted Colombia’s Attorney General’s Office. It also marks the second cyberattack on defense-related institutions in Colombia this month alone.
Attempts to Contact Affected Institutions
As part of its commitment to responsible digital journalism, MuchoHacker.lol always attempts to contact affected institutions before publication.
- At 10:36 AM, we reached out to the Military Criminal Justice office for a comment.
- The first call was disconnected, and during the second attempt, the person answering noted that “calls have been unstable due to what happened,” without providing further details.
- After being transferred, we were informed that no spokesperson was available to respond.
- At 10:47 AM, we called the press office of the Ministry of Defense, but there was no response.
- At 10:55 AM, we also posted a public message on X (formerly Twitter) requesting comment. No reply was received.
Final Notes
The leaked data is hosted on a public, yet not easily accessible URL. However, anyone with basic Google skills could potentially locate it.
If a news organization wishes to access the URL for investigation, it must contact [email protected] with the name of the outlet and the reason for the request.
