InfoSecBulletin Cybersecurity for mankind
Resecurity found 7.4 million records of Paraguayan citizens’ personal information leaked on the dark web today. Last week, cybercriminals attempted to sell this data for $7.4 million, or $1 per citizen. A ransomware group is extorting the country, marking a major cybersecurity event, with a deadline set for Friday, June 13, 2025.
Stolen data has appeared on various underground forums, including ZIP files of databases and a torrent file for P2P downloads of citizens’ records. This method was also used by LockBit 3.0, which used torrent files on P2P networks to avoid takedowns.
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
CVE-2025-24016
Critical Wazuh RCE Actively Exploited by Mirai Botnets
Paraguay has suffered a data breach involving the personal information of its entire population. The attackers, in their ransom demand, criticized the government’s corruption and negligence in protecting citizens’ data. The Paraguayan government refused to pay the ransom and provided little information on how the data of 7.5 million people was compromised, offering only vague comments. Just days before the leak, the President’s Twitter account was also compromised.
The leaked data likely comes from Paraguay’s National Agency for Transit and Road Safety, the Ministry of Public Health, and an unnamed system with personal information. Such leaks are not new in Paraguay, and this recent incident adds to a pattern of data breaches.
In 2025, Paraguay faced two significant data breaches from public institutions. The first breach at the Superior Tribunal of Electoral Justice revealed info on over 7 million individuals. The second, involving the Ministry of Finance, the Central Bank, and Itaipú, leaked a file with more than 17,000 records containing sensitive details such as payments to officials and personal information. In 2023, the National Police also had a breach that exposed documents and personal data of detainees, including their criminal records and photos.
Paraguay dark web
The actors, identifying as “Cyber PMC,” describe themselves as “mercenaries” attacking government systems for profit. It’s uncertain if they are backed by a foreign state or if their actions are solely motivated by cybercrime.
Flax Typhoon, a cyber group associated with China, hacked into Paraguayan government networks last year, as reported by the Paraguayan Ministry of Information and Communication Technologies and the U.S. Embassy in Asunción. This advanced persistent threat involved using malware to access systems and gather sensitive data while staying hidden. There have been no data leaks, and no affected organizations have been named.
Resecurity noted that Paraguay is the only South American country to recognize the independence of Taiwan. China considers the island nation as its territory, and has carried out a global campaign to convince other governments to do the same.
The intensity of cyberattacks and data breaches targeting Paraguay and other countries in South America is alarming. Resecurity highlights the increasing efforts of foreign threat actors to compromise government information systems and portals that store PII of citizens.
