Alleged Breach of Chile's Ley del Lobby Platform Exposes 250GB of Government Lobbying Records Spanning 2018 to 2026

Summary

A threat actor identified as NyxarGroup allegedly breached Chile's Ley del Lobby transparency platform, exposing 250GB of government lobbying records spanning 2018–2026. The dataset includes detailed hearing records, personal identifiers (RUT numbers, passport numbers), contact information, meeting schedules, and details involving senior government and military officials. The compressed archive (3GB) is being sold on the dark web for $2,000.

Full text

Dark Web Informer - Cyber Threat Intelligence Alleged Breach of Chile's Ley del Lobby Platform Exposes 250GB of Government Lobbying Records Spanning 2018 to 2026 March 23, 2026 - 1:58:18 AM UTC Chile Government Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-03-23 01:58:18 UTC Threat Actor NyxarGroup Victim Ley del Lobby (Chile) Industry Government Category Data Breach Data Size 250 GB (3 GB Compressed) Data Range 2018 - 2026 Price $2,000 Network Open Web Country Chile Incident Overview A threat actor going by NyxarGroup claims to be selling 250GB of data from Chile's Ley del Lobby platform, the government transparency portal that records and monitors lobbying activities carried out by individuals, companies, and organizations in relation to public decisions. The platform is designed to make transparent the influences that interest groups exert on legislative and administrative processes throughout the country. The dataset allegedly spans from 2018 to 2026 and contains detailed records of lobbying hearings with the following fields: Hearing Records: Hearing record identifiers, folio numbers, dates of receipt, and recipients of applications. Institutional Data: Institution names, positions held, official titles, and individualization of applicants. Personal Identifiers: Full names, RUT numbers (Chile's national identification), passport numbers, and issuing country. Contact Information: Means of contact, quality designations, and names of represented parties. Meeting Details: Specific matters to be addressed, specifications of matters, attendees at each hearing, additional information, details of the meeting itself, modality (in-person or virtual), place, commune, date, and time. The actor notes that the sample data includes hearings scheduled for the coming month, as well as meetings involving senior government and military officials including General Officers, Directors of Intelligence, Chiefs of Development Divisions, Directors of Public Safety, Directors of Naval Systems Engineering, and Chiefs of Field Telecommunications of the Logistics Command. The compressed file is 3GB and the uncompressed dataset is 253GB. The listing is priced at $2,000 with contact via PM or SimpleX messaging. Compromised Data Categories Lobbying Hearing Records RUT / National ID Numbers Passport Numbers Full Names Government Official Positions Institutional Affiliations Contact Information Meeting Schedules & Locations Military Officer Details Represented Party Names Matters Addressed in Hearings Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1190 Exploit Public-Facing Application Targets vulnerabilities in government web applications to gain unauthorized access to backend databases containing lobbying and transparency records. T1213 Data from Information Repositories Extracts structured records from the government transparency database, pulling hearing records, applicant details, official positions, and meeting schedules spanning 8 years. T1005 Data from Local System Collects data directly from compromised government systems, extracting 250GB of lobbying records including national identification numbers and classified meeting details. T1560 Archive Collected Data Compresses 253GB of stolen data down to a 3GB archive for efficient distribution, reducing the original dataset by roughly 98%. T1589.001 Gather Victim Identity: Credentials Harvests national identification numbers (RUT), passport numbers, and personal details of government officials, lobbyists, and military personnel for resale. T1567 Exfiltration Over Web Service Uses web forums and SimpleX messaging to advertise and sell the stolen government database, with samples provided to verify data authenticity. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com

Indicators of Compromise

• malware — NyxarGroup
• mitre_attack — T1190
• mitre_attack — T1213
• mitre_attack — T1005
• mitre_attack — T1560
• mitre_attack — T1589.001
• mitre_attack — T1567