Menu
Browse

Cyber Threat Actor: Onix

Actor Type Location Known Incidents
 Icon
Criminal
1 incident
Profile

Onix is a threat actor identified in connection with a disruptive ransomware attack against Guatemala’s Ministry of Foreign Affairs in September 2022. The group compromised 49 government websites and subdomains, including the ministry’s primary domain and digital services platforms, forcing temporary suspensions of critical online functions. This incident demonstrates Onix’s focus on governmental targets within Latin America, specifically leveraging ransomware to inflict operational paralysis. While financial gain is implied by the ransomware deployment, the group exhibited destructive behavior by irreversibly corrupting larger files even after ransom demands, suggesting an ancillary objective of sustained disruption. The Guatemalan government did not disclose whether a ransom was paid or detail the full extent of damage, but the attack underscored Onix’s capacity to degrade essential public services.

The operation against Guatemala’s foreign affairs ministry revealed Onix’s use of file-encrypting ransomware paired with data corruption tactics, rendering portions of the compromised systems unrecoverable. This approach indicates a willingness to prioritize destruction over reliable financial extraction, distinguishing it from purely profit-driven ransomware groups. The group’s execution caused tangible interruptions to diplomatic and administrative functions, though specific initial access vectors and malware families remain unconfirmed in public reporting. No clear affiliations or state nexus have been attributed to Onix in available sources, leaving its organizational structure and broader alliances unverified. The incident remains the most prominently documented campaign associated with the actor, highlighting its disruptive impact on government infrastructure without evidence of espionage or data exfiltration motives.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources