San Silvestre School Data Breach

Alleged

Ransomware claim involving San Silvestre School.

Published: Jun 25, 2026 Krybit
Threat Level
High
Confidence: High

Quick Summary

Company
San Silvestre School
Industry
Education
Threat Actor
Krybit
Date of Incident
Jun 25, 2026
Status
Alleged

Executive Summary

San Silvestre School, an educational institution based in Peru, has been identified as a victim by the Krybit ransomware group. The listing was published on June 25, 2026, and discovered through SOCRadar’s Dark Web Monitoring service. While Krybit’s victimology is predominantly in Europe, San Silvestre represents one of their few Latin American targets. In the 60 days preceding this listing, Krybit claimed 28 other victims, frequently targeting the business services, public sector, and technology industries, with a concentration of victims in Germany, Austria, and Peru.

Technical Analysis

SOCRadar’s analysis of stealer-log telemetry revealed a significant exposure concerning the sansilvestre.edu.pe domain. A data sample contained approximately twenty-five credential records from mid-May to late June 2026. This data included credentials for Google Workspace identity provider, internal infrastructure, corporate email accounts found on third-party services, network security appliance management interfaces, an Aruba ClearPass portal, and ERP login. These findings suggest a pattern of initial access often employed by ransomware groups like Krybit, where harvested credentials are used to gain entry into corporate networks and systems. The recommended defensive actions include immediate credential rotation, Multi-Factor Authentication enforcement on affected accounts, and isolation/reimaging of compromised workstations.

Is Your Organization Exposed on the Dark Web?

Enter your company domain to get a free dark web exposure report instantly.