Troves of data on effectively every Paraguayan citizen were stolen by hackers who infected a government employee’s device with infostealer malware. The personal information of 7.4 million Paraguayans was offered for sale on the dark web following alleged breaches at several government agencies. The data was initially discovered by researchers at the cybersecurity firm Resecurity, who said the hackers — known as Brigada Cyber PMC — were selling the information for $7.4 million. Paraguay refused to pay the ransom and the data was published on June 13.
Source: https://therecord.media/data-leak-paraguayan-millions-infostealer
TPRM report: https://scoringcyber.rankiteo.com/company/presidencia-de-la-rep-blica-del-paraguay
"id": "pre301062425",
"linkid": "presidencia-de-la-rep-blica-del-paraguay",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '7.4 million citizens',
                        'industry': 'Public Sector',
                        'location': 'Paraguay',
                        'name': 'Government of Paraguay',
                        'type': 'Government'}],
 'attack_vector': 'Infostealer Malware',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '7.4 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'ID card numbers',
                                              'Dates of birth',
                                              'Professions',
                                              'Certificates']},
 'date_detected': '2023-06-13',
 'date_publicly_disclosed': '2023-06-13',
 'description': 'Troves of data on effectively every Paraguayan citizen were '
                'stolen by hackers who infected a government employee’s device '
                'with infostealer malware.',
 'impact': {'data_compromised': 'Personal information of 7.4 million '
                                'Paraguayans',
            'identity_theft_risk': 'High',
            'systems_affected': ['National Agency for Transit and Road Safety',
                                 'Ministry of Public Health and Social '
                                 'Welfare']},
 'initial_access_broker': {'backdoors_established': 'Yes',
                           'data_sold_on_dark_web': 'Yes',
                           'entry_point': "Compromised government employee's "
                                          'device',
                           'high_value_targets': 'Government infrastructure'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, possible geopolitical motives',
 'post_incident_analysis': {'root_causes': 'Compromised credentials, '
                                           'Infostealer malware infection'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '$7.4 million',
                'ransom_paid': 'No'},
 'references': [{'source': 'Resecurity'},
                {'source': 'Hudson Rock'},
                {'source': 'Organized Crime and Corruption Reporting Project '
                           '(OCCRP)'}],
 'threat_actor': 'Brigada Cyber PMC',
 'title': 'Paraguay Government Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Compromised credentials'}