Paraguay Faces Data Breach Threat as Cyber Group Demands Ransom

 


A cyber extortion group is pressuring the Paraguayan government to pay a ransom of $7.4 million, roughly equal to one dollar for each citizen of the country. The group, which calls itself Brigada Cyber PMC, claims to have stolen personal information from three different Paraguayan government systems, including records of about 7.2 million people from the national civil registry, which manages voter information and other key data.

The hackers posted their demands on their dark web site on Sunday, warning that if the payment is not made by June 13, they will leak all the stolen information to the public. However, by Thursday, the group’s leak site had gone offline and was showing a basic server message, making its current status unclear.


Who Are the Hackers?

Little is known about Brigada Cyber PMC. Their website simply states, “You don’t need to know who we are.” At this stage, it’s uncertain whether they are working independently or if they have backing from a larger organization or government.

According to cybersecurity company Resecurity, the first signs of this data breach appeared on May 28, when a user named "Gatito_FBI_Nz" posted on a cybercrime forum offering to sell two databases containing information on Paraguayan citizens. The seller also provided a sample of nearly 940,000 records and appeared to be connected to other leaks in South America, based on their usernames and contact details shared on Telegram.

Resecurity’s investigation suggests that the hacker involved may have also attacked government systems in other South American countries. Paraguay’s national cybersecurity team, CERT-PY, has been informed of the situation.


The Targeted Systems

One of the affected Paraguayan government websites belonged to the National Agency for Transit and Road Safety, which went offline on May 29 but was brought back the next day. Some of the leaked records appear to have come from this agency and include sensitive personal details such as names, ID numbers, dates of birth, professions, marital status, and nationalities.

Another incident was reported on May 31, when a different hacker named "el_farado" posted another large set of Paraguayan citizen data for sale. This data was allegedly taken from government systems in the Cordillera region. Resecurity noted possible links between this hacker and FunkSec, a ransomware group active since late 2024. The structure of this data suggests it may have come from a separate cyberattack.


History of Attacks

This is not the first time Paraguay’s government networks have been targeted. Resecurity pointed out that a civil registry database was stolen and leaked about two years ago, but it’s unclear whether that older data is now being reused by the current attackers.

In another major case in November 2024, Paraguay’s critical infrastructure was found to be compromised by a hacking group reportedly connected to China, according to a joint investigation by Paraguayan officials and the U.S. Southern Command. That breach was linked to the group known as Flax Typhoon, but no public data leaks or officially confirmed victims were reported in that incident.