NyxarGroup has claimed two separate compromises involving Chilean government-related platforms, including an alleged theft of 250GB of data from Chile’s Ley del Lobby transparency portal and the publication of 110,000 records from the Servicio Civil training platform. The Ley del Lobby listing advertises data spanning 2018 to 2026 for $2,000, with the actor asserting it includes hearing records, institutional data, full names, Chilean RUT numbers, passport details, contact information, represented-party names, and detailed meeting schedules and locations.
The alleged exposure is particularly sensitive because the sample reportedly contains upcoming hearings and meetings involving senior government and military officials, raising concerns about both privacy and operational security. In the separate Servicio Civil incident, the leaked records reportedly contain full names and internal user IDs, effectively creating a directory of Chilean public servants. The actor is said to have released that dataset for free on the open web and indicated plans to publish data from another Chilean website, suggesting a broader campaign targeting Chilean public-sector systems.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Following the two Chile-related disclosures, NyxarGroup reportedly indicated plans to release data from another Chilean website in the future. This suggested a possible ongoing campaign against Chilean government-linked platforms.
NyxarGroup allegedly published for free a dataset of roughly 110,000 records from Chile's Servicio Civil campus training platform. The exposed information reportedly included full names and internal user IDs of Chilean public servants, creating a directory of government employees.
NyxarGroup claimed it had stolen about 250GB of data from Chile's Ley del Lobby platform and listed the dataset for sale for $2,000. The data was described as spanning 2018 to 2026 and allegedly included lobbying records, identity details, contact information, and meeting schedules involving senior government and military officials.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
darkwebinformer.com
Open sourcedarkwebinformer.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.