Cyber Incident Victim: Comisión Nacional de Acreditación
Date:
Sep 2022
Location:
Chile
Summary
The Comisión Nacional de Acreditación, a Chilean public entity responsible for accrediting higher education institutions, was listed as a victim by the LockBit ransomware group amid a wave of attacks targeting South American organizations. The incident followed recent cyberattacks on other Chilean entities and official warnings about ransomware threats in the region. While LockBit claimed responsibility, no proof of data exfiltration was publicly provided, and neither the organization nor the attackers responded to verification attempts. The unconfirmed breach occurred alongside similar listings of Colombian and Venezuelan firms by the same group, reflecting broader regional targeting of critical sectors. A separate Peruvian educational institute's data also appeared on hacking forums during this period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Comisión Nacional de Acreditación (CNA), Chile’s public agency responsible for evaluating and accrediting higher education institutions, was listed as a ransomware victim by the LockBit group on or before September 16, 2022. LockBit added CNA to its leak site alongside three other South American entities—Colombia’s Independence and Quintal, and Venezuela’s Makler—though no proof-of-hack data was publicly released for any of these victims at the time of reporting. DataBreaches.net attempted to verify the incident by contacting both CNA and LockBit’s representatives via email and Tox chat, respectively, but received no responses. The agency’s website showed no public acknowledgment of a breach, and Chilean authorities had not issued any official statements confirming the incident as of the article’s publication date. This occurred within weeks of two other significant Chilean cybersecurity events: a confirmed attack on SERNAC (Chile’s National Consumer Service) and a CSIRT (Computer Security Incident Response Team) alert urging public entities to heighten ransomware defenses.
LockBit claimed to have exfiltrated 180 GB of data from Independence, though CNA’s specific data volume and content were not disclosed. The absence of proof packs, victim confirmations, or disruptive service announcements left the CNA incident unverified. No operational disruptions, data leaks, or containment measures were documented in available sources. Concurrently, Peru’s Instituto De Desarrollo Profesional (IDEPRO) suffered a separate but overlapping breach, with 1 GB of SQL data containing personal identifiers and credentials leaked on a hacking forum, prompting Peru’s national cybersecurity center to acknowledge coordination with relevant institutions. In contrast, Chile’s CNA exhibited no detectable public response or remediation efforts, aligning with the broader pattern of unreported outcomes among LockBit’s listed South American targets during this period. The incident underscored regional vulnerabilities following explicit warnings from Chilean cybersecurity authorities about escalating ransomware threats targeting public infrastructure.