MEXICO CITY, September 30 – A major hack of classified government information in Mexico, including thousands of emails from the armed forces, exposed the country’s vulnerability to cyberattacks due to underinvestment and poor technological preparedness , experts said on Friday.

President Andres Manuel Lopez Obrador confirmed on Friday that the Ministry of Defense had been the victim of a hack which revealed details of his heart condition – a form of angina pectoris – as well as information on criminal figures, communications transcripts and surveillance of the US Ambassador to Mexico.

A group called “Guacamaya” – or “ara” in Spanish – claimed responsibility for the hack and said on its website that it had accessed six terabytes of data.

Join now for FREE unlimited access to Reuters.com

The size of the hack suggested advance planning, said Francisco Solano, an executive with IT services and consulting firm Logicalis.

“It didn’t happen by chance,” he said.

According to Solano and other analysts consulted by Reuters, the vulnerability exploited by hackers stemmed from a weakness in a Microsoft server detected last year, known as ProxyShell.

Although solutions to fix the problem are available, the government needed to make updates to implement them.

“You have the antidote, but no one to apply it,” Solano said, adding that there seemed to be a lack of resources to fix the problem.

Microsoft did not immediately respond to an emailed request for comment.

During his daily press conference on Friday, Lopez Obrador said that hackers had exploited a modification of the army’s computer systems, without giving further details.

The armed forces did not respond to a request for comment.

Governments around the world have been increasingly targeted by aggressive cybercrime in recent years and have been forced to increase their investments and focus on cybersecurity.

In Latin America, Mexico is the country most targeted by cyberattacks in the public and private sectors combined, according to several studies.

Mexican oil company Pemex, the National Lottery and the National Transparency Platform have been hit by cyberattacks in recent years.

Although the Mexican government has steadily devoted more resources to cybersecurity, the investment is not enough compared to what is needed to ward off attacks, experts said.

The hackers would have needed up to three days to copy the information, said Adolfo Grego, a forensic specialist, also raising questions about why the government failed to act sooner.

Join now for FREE unlimited access to Reuters.com

Reporting by Diego Oré; Editing by Muralikumar Anantharaman

Our standards: The Thomson Reuters Trust Principles.

Diego Ore

Thomson Reuters

Covers politics, migration and security in Mexico and Central America, a Peruvian journalist with over 20 years of experience in Latin America and the Caribbean, including in magazines, newspapers and the Associated Press covering elections , coups, demonstrations, summits, disasters and football matches.