On April 7, hackers gained administrative access to the network management system of Fibex Telecom, a Venezuelan internet provider with approximately 390,000 active customers, according to cybersecurity firm VECERT Analyzer. The attacker, identified as “x00x01x01,” published evidence of his access on X, including screenshots and usernames of panels that control the company’s fiber optic infrastructure.
The alleged hacker also claims to have posted a video to X that shows: controlled the provider’s servicesincluded Fibex usernames as part of the test.
The hacker attached a message to the publication that combines accusations and threats: “Fibex Telecom is passing client traffic through Chinese devices on Cantv (dpi). Should I turn everything off?
With this phrase, the attackers claim that Fibex routes users’ browsing through equipment installed at Venezuela’s state-run telecommunications company, Cantv, and is subject to deep packet inspection (DPI), a technology that allows the content monitoring and analysis of internet traffic.
An attacker who gains control of the Fibex administration panel claims to have access to its infrastructure chain. Hundreds of thousands of users can be left without internet service.
A Venezuelan news account reported that Fibex Telecom issued the following statement: Guaranteed normal operation CriptoNoticias could not verify that statement, but claimed its platform had “the best security protocols.”
What grants access to the compromised panel?
The system compromised in Fibex is SmartOLT, a fiber optic infrastructure management panel that allows remote management of equipment that delivers internet signals to end users. Anyone who accesses that panel will Control who is logged in and authenticate or disconnect deviceschange network configuration, and access node diagnostic data.
Simply put, access to the panel is the same as having a key to the control room of the entire network. This access allows attackers to selectively or wholesale disrupt services without requiring physical intervention into the infrastructure.
According to VECERT, the affected nodes correspond to the following areas: Pastora, La Victoria, Tiplo, San Juan de los Moros, Los Samanesusing equipment from manufacturers Huawei and ZTE.
The analysis firm’s report also highlights that hackers have the ability to remotely disconnect users, change device authentication, access network diagnostics, and obtain location data and the operational status of critical nodes.
Digital ecosystem exposed to repeated attacks
Fivex Telecom Incident This is not an isolated case in Venezuela’s digital ecosystem. As reported by CriptoNoticias, VECERT Analyzer warned on March 16 of a data breach involving more than 56,000 BT Travel Venezuela customers. This was done by an attacker known as ‘malconguerra2’, the same person responsible for hacking Venezuelan fintech company Cashea in February 2026, which compromised approximately 46.5 GB of database and over 79 million records.
In such cases Added other information reported by CriptoNoticias in March: Hacker “GordonFreeman” leaked data from Yummy Rides and Rapikom, over $300,000 USDC from Kontigo in January, and attack on Digitel by the MedusaBlog group in February 2024, which included a ransom demand of $5 million in Bitcoin.
The pattern that emerges is that of a digital ecosystem that is repeatedly exposed to threat actors operating with a variety of objectives, from theft of personal and financial data to accessing critical communications infrastructure. In recent cases, no public statements were made by the affected companies before the information was made public by outside security researchers.
(Tag Translation) Hacker
