Rhysida ransomware group claims major attack on the Chilean army's internal network

The Chilean Army suffered a significant ransomware attack that resulted in the loss of confidential data from the army’s internal network.

According to Chilean media agencies, the Chilean Army on May 29 confirmed that its IT department detected a ransomware attack targeting its internal network on May 26. The army immediately disconnected the network from the Internet and switched off all affected systems. The Military Prosecutor’s Office immediately launched an investigation and issued an order to PDI Metropolitan Cybercrime Investigation Brigade to look into the same.

The army quickly notified the Computer Security Incident Response Team (CSIRT) of the Joint Chiefs of Staff and the Ministry of National Defence about the ransomware attack as well.

“The audit of the data transmission network by institutional cybersecurity agencies continues to be carried out and the certification of the implementation of the network is being controlled safely,” the Army said in a statement shared with the media.

The army’s investigation led to the arrest of an Army corporal who was found to be involved in the ransomware attack. Law enforcement authorities seized several electronic devices from the Army corporal that are now being examined by the investigators. The alleged perpetrator has been charged with the crime of breaching the law on computer crime and is now held in pretrial detention.

The Rhysida ransomware gang has claimed responsibility for the ransomware attack on the Chilean Army and listed it on its data leak site. According to security researcher Germán Fernández from Chilean cybersecurity firm CronUp, the ransomware gang has already published around 360,000 documents stolen from the Chilean Army.

“Rhysida ransomware published around 360,000 documents from the Chilean Army 🇨🇱(and according to them, it is only 30%). I hope that giving visibility to this type of news will help generate more awareness and consequently changes, but enough is enough,” Fernández tweeted.

Earlier this month, the Caribbean Island of Martinique said it suffered a significant cyber attack that disrupted the island’s internet service and other critical infrastructure. In a statement shared with the media on May 24, officials from the Island of Martinique said that threat actors infiltrated its network on May 16 and “heavily disrupted the activities of the community and directly impacted users and partners.”

The Rhysida ransomware group had claimed responsibility for the cyber attack on the Island of Martinique and listed it on its data leak site. The group later published data allegedly stolen from the government but did not mention the amount of the data it stole or whether it negotiated a ransom payment with the city officials.