Cyber Incident Victim: National Directorate of Health Surveillance
Date:
Jun 2025
Location:
Paraguay
Summary
The Ministry of Information and Communication Technologies activated its incident response protocol after detecting unauthorized access to several government web portals, including the National Directorate of Health Surveillance, the Ministry of Public Works and Communications, the General Audit of the Executive Power, and the Ministry of Environment and Sustainable Development. Investigations determined that the breaches resulted from the use of leaked user credentials, typically harvested by infostealer malware designed to exfiltrate sensitive data. The affected entities worked with their information security officers and the national cyber incident response team to contain the compromises. The ministry emphasized that the incidents have been contained.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 1, 2025, the Ministry of Technologies of Information and Communication (MITIC) reported that unauthorized accesses had been detected on the public web portals of several state institutions. Among the affected entities were the Ministry of Public Works and Communications (MOPC), the National Directorate of Health Surveillance (DINAVISA), the General Audit of the Executive Branch (AGPE), and the Ministry of Environment and Sustainable Development (MADES). The investigation determined that the breaches resulted from the use of leaked user credentials. Those credentials were obtained through infection with an infostealer malware designed to exfiltrate valuable data. The compromised pages included DINAVISA’s digital portal, which was accessed without authorization. Upon confirmation of the incidents, MITIC immediately activated its cybersecurity incident response protocol. The response was carried out in close collaboration with the Computer Security Incident Response Team of Paraguay (CERT‑PY) and the information security officers of each affected institution. MITIC coordinated the containment efforts and provided guidance to the responsible security teams.
According to MITIC, the unauthorized accesses were contained after the investigation and the affected portals were secured. Services on the DINAVISA portal and the other compromised sites were restored to normal operation following the containment actions. MITIC reiterated the importance of using strong, unique passwords, enabling two‑factor authentication, and keeping operating systems up to date as part of the response. For reporting any cybersecurity incident, MITIC instructed users to contact the abuse address [email protected]. Additionally, MITIC noted that CERT‑PY publishes detailed statistics on handled reports, which are publicly available at www.cert.gov.py/estadisticas/. The statement concluded with a reminder that the incidents had been resolved and that monitoring continued to prevent recurrence.