Cyber Threat Actor: La Agencia Nacional de Contratación Pública – Colombia Compra Eficiente

The threat actor is referenced by the alias La Agencia Nacional de Contratación Pública – Colombia Compra Eficiente, a name that appears in Spanish‑language sources. This alias combines a formal title for a national procurement agency with a colloquial branding used in Colombia. The alias itself indicates a connection to public procurement functions within the country.

The actor’s known location is Colombia, as indicated in the contextual information provided. No additional geographic details about operational bases or infrastructure are supplied in the source material. The location reference is limited to the nation‑state level without specifying cities or regions.

A publicly reported operation mentioned in the source material involves a ransomware attack against Argentina’s Instituto Nacional de Tecnologia Agropecuaria (INTA) on 29 April 2023. The attack disrupted institutional IT services and a national network of over 400 locations, prompting a complete suspension of computer services while recovery efforts proceeded. A ransom demand of approximately $2.5 million was reported in connection with this incident, although the responsible group was not officially identified by authorities.

The source cites a specific article from databreaches.net as the reference for the INTA incident, and no further technical details such as malware families, initial access vectors, or tooling styles are provided in the available information. Consequently, no definitive attribution, affiliations, or tactical patterns can be asserted for the actor based solely on the supplied context.