Cyber Incident Victim: Macrotel
Date:
Oct 2022
Location:
Argentina
Summary
A ransomware group claimed responsibility for an attack targeting an Argentine telecommunications firm, though the allegation lacked supporting evidence and remained unverified. The incident coincided with cyberattacks affecting multiple organizations across Latin America around the same period, including service disruptions at other regional telecom providers and financial platforms. While some impacted entities reported operational interruptions and proactive isolation of certain systems to protect data integrity, the specific group's involvement in this case was not conclusively established due to the absence of corroborating details or confirmed ransom demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Personal Paraguay, a Paraguayan telecommunications provider, experienced a cyber incident beginning around October 25, 2022. The company first acknowledged service disruptions via a Facebook post on October 28, stating some services had suffered "inconveniences." Customers responded angrily, noting outages had persisted for three days with no restoration timeline. On October 29, Personal Paraguay confirmed a "malicious attack by unscrupulous people" targeting its computer systems, attributing minimal service impacts to preventive security measures that maintained core cellular, internet, and television operations. The company emphasized continuous efforts by technical teams to restore affected systems while isolating its personal wallet platform to protect financial data and deposited funds from potential compromise.
By November 2, services remained partially disrupted despite ongoing restoration work. Customer reports contradicted official assurances about wallet functionality, indicating unresolved transaction issues. Personal Paraguay did not disclose technical details of the attack vector, compromised systems, or data exposure. DataBreaches attempted contact via email and Facebook but received no response. The company stated no ransom demand occurred, though the absence of such demands remained unexplained. Concurrently, Lockbit 3.0 claimed responsibility for attacks against multiple Latin American entities, including Argentina's Macrotel, between October 25-28, though these claims lacked supporting evidence. Other regional incidents included ALMA Observatory's October 29 operational shutdown in Chile and unreported attacks against Fisco SaƩde (Brazil) and Villa Toro de Hisba, none of which publicly attributed blame to Lockbit during the same timeframe.