Cyber Incident Victim: MOPC, DINAVISA, AGPE, MADES

Date: Jun 2025

Location: Paraguay

Summary

The Ministry of Information and Communication Technology reported that unauthorized accesses were detected on the web portals of the Ministry of Public Works and Communications, the National Directorate of Health Surveillance, the General Audit of the Executive Branch, and the Ministry of Environment and Sustainable Development. The attacks were carried out using leaked user credentials, likely harvested by infostealer malware, and were contained after the national cyber incident response protocol was activated in coordination with each institution's information security officers. The agency reiterated the need for stronger password practices and two-factor authentication.

Description

The Ministry of Technologies of Information and Communication (MITIC) reported that vulnerabilities were detected on the web portals of the Ministry of Public Works and Communications (MOPC), the National Directorate of Health Surveillance (DINAVISA), the General Audit of the Executive Branch (AGPE) and the Ministry of Environment and Sustainable Development (MADES). MITIC stated that a coordinated response had been provided to the affected entities and that the incidents had been contained through the Cyber Incident Response Center of Paraguay (CERT-PY). Upon detecting the situation, MITIC immediately activated its incident response protocol, working in close collaboration with CERT-PY and the Information Security Officers of each affected institution to manage the response.

According to the investigations carried out, all four cases were unauthorized accesses obtained with leaked user credentials. The leakage generally resulted from infection by malware of the type known as an "infostealer," which is designed to extract and steal valuable data. The investigations indicated that the compromised credentials allowed attackers to gain entry to the portals. MITIC communicated that the vulnerabilities have already been contained. No further details about the scope, duration or specific impacts were provided in the source.
