Alleged Breach of Colombia's Huila Department Government Extranet Exposes Officer Data, Municipal Offices, and Government Operations Across 8 Municipalities
NyxarGroup breaches Colombia's Huila Department government extranet, exposing officer data and municipal records across
Summary
NyxarGroup, collaborating with three other threat actors (ArcRaidersPlayer, Petro_Escobar, and CryptoDead), claims to have breached extranet.huila.gov.co and exfiltrated government officer records, municipal office data, and internal operations across 15+ departments and 8 municipalities in Colombia's Huila Department. The stolen data—including names, positions, phone numbers, emails, and organizational details—is being sold for $150 on dark web forums. This breach continues NyxarGroup's pattern of targeting Latin American government infrastructure and follows CryptoDead's previous involvement in the ICFES Colombia data leak affecting 30 million people.
Full text
Dark Web Informer - Cyber Threat Intelligence Alleged Breach of Colombia's Huila Department Government Extranet Exposes Officer Data, Municipal Offices, and Government Operations Across 8 Municipalities April 6, 2026 - 5:32:00 PM UTC Colombia Government Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-04-06 17:32:00 UTC Threat Actor NyxarGroup Victim Huila Department Government Industry Government Category Data Breach Collaborators ArcRaidersPlayer, Petro_Escobar, CryptoDead Municipalities 8 Government Offices 15+ Departments Price $150 Network Open Web Source extranet.huila.gov.co Country Colombia Incident Overview NyxarGroup, in collaboration with three other threat actors (ArcRaidersPlayer, Petro_Escobar, and CryptoDead), claims to be selling data exfiltrated from extranet.huila.gov.co, the government extranet for the Department of Huila in Colombia. This marks NyxarGroup's continued targeting of Latin American government infrastructure, following their earlier breaches of Chile's Ley del Lobby platform and Servicio Civil, and CryptoDead's involvement in the ICFES Colombia data leak. The breach exposes two main categories of data: Officer Information: Government employee records with the following fields: Nombre (name), Cargo (position/title), Tipo (type), Telefono (phone), Correo (email), Entidad (entity/agency), Unidad (unit), Sede (office location), and Grupo (group/department). Municipal Offices: User data, contacts, and site information for 8 mayors' offices (Alcaldias) across the Huila department: Algeciras, Campoalegre, Isnos, Nataga, Palermo, Pitalito, Rivera, and Tello. The listing also references data from across 15+ government departments and offices including internal control, treasury, the governor's office, legal, rural and business development, planning, secretary of education, secretary of health, ICTs, traffic, works unit, dco-alg-general-warehouse, and the family commissioner. Additional information from the Government of Huila itself is also mentioned. The data is priced at $150, with contact via PM or SimpleX messaging. The low price point and the collaborative nature of the listing (four named actors working together) suggest this is part of an organized campaign targeting Colombian government infrastructure. The fact that CryptoDead, who previously leaked the ICFES data affecting 30 million Colombians, is involved as a collaborator indicates a group with established interest in Colombian government targets. Compromised Data Categories Government Officer Names Position Titles Phone Numbers Email Addresses Government Entity Assignments Organizational Units Office Locations Municipal Mayors' Office Data (8) Internal Control Records Treasury Data Governor's Office Records Health & Education Secretary Data Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1190 Exploit Public-Facing Application Targets the government extranet (extranet.huila.gov.co) to gain unauthorized access to officer records, municipal data, and departmental information across Huila's government infrastructure. T1213 Data from Information Repositories Extracts structured government data from the extranet including officer directories, organizational structures, and municipal office records across 15+ departments and 8 municipalities. T1589.003 Gather Victim Identity: Employee Names Harvests government officer names, positions, contact details, and organizational assignments, creating a directory useful for social engineering and targeted attacks against Huila's government. T1567 Exfiltration Over Web Service Advertises and sells the stolen government data through web forums for $150, coordinated across four collaborating threat actors with contact via PM or SimpleX messaging. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com
Indicators of Compromise
- domain — extranet.huila.gov.co