Cyber Incident Victim: Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET)
Date: Apr 2022
Location: Argentina
Summary
The Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET) experienced a ransomware attack involving data encryption and a financial demand from threat actors. The organization implemented containment measures to halt further attacks, partially restored information, isolated sensitive equipment, and worked to normalize operations amid acknowledged delays in routine intranet functions. Ransomware attacks targeting Argentine state entities have previously compromised personal data from national registries and migration systems through unauthorized access and public leaks.
Description
On or around April 20, 2022, Argentina’s National Scientific and Technical Research Council (CONICET) experienced a cyberattack involving ransomware that disrupted operations at its Central Headquarters. The attack utilized malicious software designed to encrypt the organization’s data, rendering it inaccessible to legitimate users. CONICET confirmed the incident in an official statement, acknowledging operational delays affecting routine intranet procedures. The attackers employed a technique known as "cryptoviral extortion," where encrypted files are held hostage until a ransom payment is made. While the specific ransom demand or payment details were not disclosed, the attack’s mechanism aligned with typical ransomware campaigns targeting institutional entities. The intrusion caused immediate disruptions to CONICET’s internal systems, though critical research infrastructure outside the Central Headquarters appeared unaffected based on available reports.

CONICET’s incident response team initiated containment measures to prevent further network compromise, successfully halting additional attack attempts linked to the initial breach. Recovery efforts included partial restoration of encrypted data and isolation of sensitive equipment to limit the attack’s spread. The organization prioritized restoring normal operations at the Central Headquarters but did not specify a timeline for full recovery. No evidence suggested public exposure or sale of stolen data, distinguishing this incident from prior attacks on Argentine state agencies like the 2021 Renaper breach or the 2020 Migraciones intrusion referenced in contextual comparisons. CONICET’s communications emphasized ongoing mitigation work without elaborating on technical vulnerabilities exploited or attributing responsibility to any threat actor group.
