Paraguay is Being Targeted by Cybercriminals - 7.4 Million Citizen Records for Sale

The identified data breach involves 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens for sale on the dark web. As the threat actors aim to sell the data quickly, it is only a matter of time before this data is exploited to victimize users across Paraguay. Cybercriminals have offered information about all citizens of Paraguay for sale, demanding $7.4 million in ransom payments, $1 per citizen. A ransomware group is extorting the entire country in what is probably one of the most significant cybersecurity incidents in the nation’s history, with a symbolic deadline - Friday, June 13, 2025.

The first reports about the country’s cybersecurity issues appeared nearly two years ago, when one of the affected government systems was compromised, although no data has been publicly released. At that time, China was accused of engaging in malicious cyber activity targeting South America, with Paraguay specifically mentioned.

Flax Typhoon, a cyber-group linked to the Chinese state, was found to have infiltrated Paraguayan government networks, according to a joint statement from the Paraguayan Ministry of Information and Communication Technologies and the U.S. Embassy in Asunción. Flax Typhoon carried out an advanced persistent threat (APT), meaning a targeted and sustained cyberattack. The Chinese group utilized malware to infiltrate systems, extract sensitive information, and maintain a covert presence over extended periods. No data has been leaked for that event, and no victim organizations have been officially named as compromised.

To read the complete article see: Resecurity