InfoSecBulletin Cybersecurity for mankind
Resecurity found 7.4 million records of Paraguayan citizens’ personal information leaked on the dark web today. Last week, cybercriminals attempted to sell this data for $7.4 million, or $1 per citizen. A ransomware group is extorting the country, marking a major cybersecurity event, with a deadline set for Friday, June 13, 2025.
Stolen data has appeared on various underground forums, including ZIP files of databases and a torrent file for P2P downloads of citizens’ records. This method was also used by LockBit 3.0, which used torrent files on P2P networks to avoid takedowns.
CYDES 2025 Reinforces Malaysia’s Vision of Secure and Trusted Digital Nation
Cisco alerts that Unified CM has hardcoded root SSH credentials
CYDES 2025
MCSS to implement 6 strategic goals with 7 objectives over 6 year: NACSA Chief
CYDES 2025
Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid
Amid Meta moves; OpenAI is largely shutting down next week: Wired
Canada orders Hikvision to close operations over national security
First couple “Rosie” to conceive using AI tech “STAR” successfully
Scattered Spider Actively Attacking Aviation and Transportation: FBI
Russia’s restrictions on Cloudflare making websites inaccessible
61 million Verizon records allegedly posted online for sale
Paraguay has suffered a data breach involving the personal information of its entire population. The attackers, in their ransom demand, criticized the government’s corruption and negligence in protecting citizens’ data. The Paraguayan government refused to pay the ransom and provided little information on how the data of 7.5 million people was compromised, offering only vague comments. Just days before the leak, the President’s Twitter account was also compromised.
The leaked data likely comes from Paraguay’s National Agency for Transit and Road Safety, the Ministry of Public Health, and an unnamed system with personal information. Such leaks are not new in Paraguay, and this recent incident adds to a pattern of data breaches.
In 2025, Paraguay faced two significant data breaches from public institutions. The first breach at the Superior Tribunal of Electoral Justice revealed info on over 7 million individuals. The second, involving the Ministry of Finance, the Central Bank, and Itaipú, leaked a file with more than 17,000 records containing sensitive details such as payments to officials and personal information. In 2023, the National Police also had a breach that exposed documents and personal data of detainees, including their criminal records and photos.
Paraguay dark web
The actors, identifying as “Cyber PMC,” describe themselves as “mercenaries” attacking government systems for profit. It’s uncertain if they are backed by a foreign state or if their actions are solely motivated by cybercrime.
Flax Typhoon, a cyber group associated with China, hacked into Paraguayan government networks last year, as reported by the Paraguayan Ministry of Information and Communication Technologies and the U.S. Embassy in Asunción. This advanced persistent threat involved using malware to access systems and gather sensitive data while staying hidden. There have been no data leaks, and no affected organizations have been named.
Resecurity noted that Paraguay is the only South American country to recognize the independence of Taiwan. China considers the island nation as its territory, and has carried out a global campaign to convince other governments to do the same.
The intensity of cyberattacks and data breaches targeting Paraguay and other countries in South America is alarming. Resecurity highlights the increasing efforts of foreign threat actors to compromise government information systems and portals that store PII of citizens.
