State websites present weaknesses, according to an analysis by Luis Assardo, digital security expert and investigative journalist, who evaluated 134 portals.
The study was based on international standards and the identification of 58 attack vectors, that is, the paths that a hacker can be used to compromise a system.
“The first thing is that we established all the possible attack vectors that any government or state website anywhere in the world could receive. In total we listed more or less 58 attack vectors,” he explained.
He added that the evaluation focuses on standardized criteria and that the portals have a rating on a scale from A to F.
He commented that to meet minimum standards, a website must have mandatory use of HTTPS (connection encryption), security policies, blocking URL tampers, updated protocols and mechanisms that detect access from unusual locations.
Basic security flaws
One of the main findings is the absence of essential measures and, in Assardo’s opinion, 87% of government sites do not have basic security measures.
He added that the analysis was carried out with a tool that he developed together with his work team. He warned that the ratings reflect the level of exposure to attacks.
“So what those ratings clearly tell you is that the websites are prepared for these types of attacks,” he explained.
In addition, he commented that, by not having basic security policies, users and those who manage government portals will not notice an intrusion. He added that even inexperienced attackers can exploit these flaws.
You could read: They point out a lack of clarity and structure in the cybersecurity law and advocate for a new one
Major threats
Assardo also warned that if more experienced hackers attacked Guatemala, the current situation would be worse.
“If we were receiving attackers like TP-15, Guacamaya, or some of those attackers that are already more powerful, I tell you that the State of Guatemala would already be on its knees, everything would be encrypted,” he explained.
Improvements and setbacks after hacks
In it report Assardo points out that, after the wave of cyberattacks in April 2026, some government platforms corrected flaws and improved their security, although others retreated or did not apply basic protection measures.
On April 7, 2026, the first cyber attack against the General Directorate of Control of Arms and Ammunition (Digecam). Less than a week later, Assardo conducted a scan of 134 Guatemalan government websites with the GovScan tool and determined that most lacked basic security measures.
On May 3, 2026, Assardo conducted a new analysis of state portals and found that some entities made adjustments to better protect their information. For example, the use of tools that help prevent sites from being altered or used to steal user data has increased.
“They are small changes, but they are the first evidence that some system administrators heard the alarm,” says Assardo.
Among the institutions that showed improvements, the Road Conservation Unit (Covial) stands out, which went from a D to B rating. The Attorney General’s Office (PGN) also improved from C to B, while the Ministry of Energy and Mines increased 27 points.
In Assardo’s opinion, the general outlook remains worrying. The average safety score dropped from 48.5 to 46.7 out of 100, and the sites with the worst rating (F) increased from 8 to 39 in three weeks.
Among the most notable setbacks are the Vice Presidency of the Republic and the Ministry of the Interior, which fell to the lowest ratings. Added to this is the Your Employment portal, of the Ministry of Labor, which has remained offline since the attack.
Hacking in Guatemala
During April 2026, Guatemala has faced a series of cyber attacks and alerts aimed at public institutions and higher education center platforms. The incidents, attributed to different actors, included data leaks and unauthorized access.
At least five actors have been linked to these attacks: among them “Gordon Freeman“, related to the violation of Digecam, the Your Employment portal of the Ministry of Labor and actions in other Latin American countries; “MrGoblinciano”, reported for the leak of data from the Rafael Landívar University and the University of San Carlos of Guatemala; and “NemorisHacking”, who takes credit for the April 30 attacks against other institutions.
The Government asks for help
On May 4, President Bernardo Arévalo stated that the attacks are not exclusive to Guatemala, but are part of an international phenomenon.
He added that, before information about the attacks was made public, work was already underway to identify vulnerabilities in the systems.
He also indicated that there is coordination between the ministry teams to correct detected failures.
“We are also working with the cooperation of countries such as the United States, Spain and Taiwan, with whom we have been supporting each other to identify vulnerabilities and the measures that must be taken to overcome this situation,” he stated.
The president noted that the data has not disappeared and that it remains in the affected institutions.
He added that the Government is working to improve cybersecurity and prevent new attacks, which, in his opinion, respond to a global trend.