Cyber Incident Victim: Ministerio de Salud Pública y Bienestar Social
Date:
Jun 2025
Location:
Paraguay
Summary
Cybercriminals infiltrated the Judicial Magistrates' Jury and the Ministry of Public Health and Social Welfare, prompting the detection of irregular activity that suggested unauthorized access attempts. In response, the affected entities isolated their servers while the national cyber incident response center activated containment protocols and began investigations to restore normal operations. The incidents follow a earlier breach of a high‑profile social media account, highlighting a pattern of targeting government digital assets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Saturday, June 21, 2025, the Centro de Respuesta ante Incidentes Cibernéticos del Paraguay (CERT‑PY) detected cyber incidents affecting two state institutions, the Jurado de Enjuiciamiento de Magistrados (JEM) and the Ministerio de Salud Pública y Bienestar Social (MSPBS). The detection was communicated to the public through a news report that cited the CERT‑PY as the source of the alert. According to the JEM’s own statement, its security team discovered irregular activity on its networks that suggested, at minimum, a possible attempt at unauthorized access. In response to this finding, the JEM decided to block its servers as a precautionary measure to safeguard its files and programs from further compromise. The ministry’s action was described as a protective step intended to prevent any potential data loss or disruption of judicial processes.
The Ministerio de Información Tecnología y Comunicación (Mitic) responded by activating its established incident response protocols for both affected entities. Mitic reported that the incidents had been contained, meaning that the immediate threat had been halted and no further propagation was observed at that time. Despite containment, Mitic emphasized that the situations remained under active investigation to determine the full scope, origin, and any residual effects, with the goal of restoring normal operations as soon as practicable. The report also referenced an earlier, unrelated cyber event that occurred on June 9, 2025, when the X account of President Santiago Peña was compromised by cybercriminals who used the account to post a false announcement about a bitcoin offering; the presidency later regained control of the account. No additional details about the specific systems, data, or attacker motives concerning the MSPBS breach were provided in the source material. The narrative presented reflects only the facts explicitly stated in the article, including the date of detection, the institutions involved, the actions taken by the JEM and Mitic, the containment status, the ongoing investigation, and the contextual mention of the prior presidential account compromise.