Cyber Incident Victim: Directorate General de Inteligencia
Date: May 2022
Location: Peru
Summary
The Conti ransomware group compromised Peru's Directorate General de Inteligencia (DIGIMIN), exfiltrating approximately 9.41 GB of sensitive data and disrupting the agency's online presence. As Peru's primary intelligence body responsible for national security, military intelligence, and counterintelligence operations, the breach potentially exposed classified information, creating significant risks to the country's security infrastructure. The attack rendered critical systems inaccessible, including the agency's public website, demonstrating operational impacts beyond data theft.
Description
On or around May 8, 2022, the Conti ransomware group publicly claimed responsibility for a cyberattack targeting Peru’s Directorate General de Inteligencia (DIGIMIN), the nation’s primary intelligence agency responsible for national, military, police intelligence, and counterintelligence operations. The group listed DIGIMIN on its Tor-based leak site, asserting it had exfiltrated approximately 9.41 GB of data from the agency’s systems. At the time of the announcement, DIGIMIN’s official website was inaccessible, indicating potential operational disruption stemming from the incident. The compromise of a high-level intelligence organization raised immediate concerns regarding the exposure of classified documents, operational methodologies, and sensitive counterintelligence assets. Such a breach could undermine national security protocols, diplomatic relationships, and ongoing intelligence operations due to the agency’s central role in Peru’s security infrastructure. No specific details regarding the initial attack vector, duration of unauthorized access, or exact nature of the stolen data were disclosed by Conti or confirmed by Peruvian authorities in the available reporting.

The incident occurred amid heightened international scrutiny of Conti’s activities, particularly following a May 2022 announcement by the U.S. Department of State offering rewards totaling up to $15 million for information leading to the identification or arrest of the group’s leadership and affiliates. This bounty, part of the Transnational Organized Crime Rewards Program (TOCRP), included $10 million for information on key Conti leaders and an additional $5 million for details facilitating arrests or convictions related to Conti-linked ransomware incidents. While the article did not document specific remediation steps taken by DIGIMIN or the Peruvian government, the inaccessible website suggested efforts to contain the breach or mitigate further damage. The targeting of a national intelligence agency represented an escalation in Conti’s operations, highlighting the group’s willingness to pursue high-risk, high-impact entities despite increased law enforcement pressure. The potential dissemination of stolen intelligence data posed multifaceted risks, including compromise of human sources, exposure of surveillance capabilities, and erosion of trust among international intelligence partners.
