Wave of cyberattacks on organizations, journalists and digital media of Nicaragua

In La Prensa, July 10, 2025

Those most recently affected are journalists of Nicaragua Actual, who lost access to their YouTube channel. Another two journalists have reported recent hacking attempts.

The news platform Nicaragua Actual has joined the denouncements of cyberattacks that Nicaraguan journalists and dissidents in exile have experienced in recent months. Those affected agree that these actions are directed by the dictatorship of Daniel Ortega and his wife, Rosario Murillo, given that the regime is advised by its Russian allies on cybersecurity issues and that Russia's capacity for carrying out cyberattacks is known worldwide.

Nicaragua Actual, composed of the journalists Yelsin Espinoza, Gerall Chávez, Ulises Mendieta and Héctor Rosales, denounced this Thursday, July 10, in a press release that “information criminals” took control of their YouTube channel, which has more than 100,000 subscribers.

“We are working tirelessly on recovering control over our channel and to secure all our information. In these difficult moments for journalists in exile, the monetization through our YouTube channel was allowing us to continue informing the Nicaraguan population,” they expressed in the message.

The journalist Yelsin Espinoza also denounced that the attackers took control of the Canvas and Drive accounts, tools that the team uses to produce its reporting, and that there were hacking attempts on the members' personal email accounts.

The journalist Héctor Rosales told La Prensa that he has no doubt that it is an attack of the Ortega Murillo regime aimed at the work of informing. “It bothers the dictatorship that we are still standing. It bothers them that we continue defeating the censorship that principally Rosario wants to impose,” said Rosales.

It is general knowledge that the dictatorship of Daniel Ortega created an entire team that works solely for the purpose of carrying out attacks on social media, known as trolls, who also carry out technical attacks on news platforms.

Other hacked organizations

This past July 2nd, the Latin American Center for Human Rights Assistance (CALIDH) denounced a hacking attempt which they attributed to the Daniel Ortega and Rosario Murillo regime, and warned that their biggest fear was that they could trace the users who exchanged messages through this medium, given that in the past they have received warnings and threats of physical attacks, possibly coming from the dictatorship.

In the alert that CALIDH received, Google warned that it is possible that “attackers backed by some government” are trying to steal the password of the email which the organization uses.

“We believe that no other government, apart from the Nicaraguan, would be interested in accessing our information. So far, the attacks have been limited to attempts to sabotage our passwords,” said Danny Ramírez, the executive secretary of CALIDH.

Also, in January 2024 the lawyer and researcher Martha Patricia Molina, author of the report Nicaragua. A Persecuted Church?, denounced that the webpage hosting this document was under daily hacking attempts, which risked disabling it.

“They are trying to get into the programming of the page. The thing is that if they get in, they can steal it, in other words, they can keep the domain and do what they want with the content,” explained the researcher at that time.

Journalists affected

So far this year at least two journalists have publicly denounced cases in which users have used their names to send emails to other colleagues, with links that presumably contain malicious files or that seek to steal information.

One of the cases is that of the Nicaraguan journalist Cindy Regidor, who on her social network warned on June 10 that someone was sending emails in her name. In addition, she shared a screen capture of a message which stated that it had information about a supposed list of people who would be detained by the dictatorship.

“Hi, someone is sending messages passing themselves off as me. If you get a message from the email cgregidor@outlook.com, do not pay attention to the content, block it, and if possible, report it,” Regidor wrote in her X account.

“We suspect that it is coming from the dictatorship”

On May 6th the journalist Jennifer Ortiz, director of Nicaragua Investiga, also was the victim of a similar attempt. According to what she said, she realized that someone was using her name to send an email to the journalist Álvaro Navarro, director of Artículo 66, in which she supposedly was sharing documents with him for a research alliance.

“It caught Álvaro's attention for two reasons: first, because the message talked about a research alliance which did not exist, and secondly, by the way in which it was written. It was not our usual style. Since we have worked together several times, we have developed trust, and that email did not reflect that closeness,” Ortiz explained.

The journalist does not rule out that these attacks are coming from the regime of Daniel Ortega and Rosario Murillo, as part of their surveillance and repression mechanisms.

“We suspect that this is coming from the dictatorship and the trolls of people who they employ for espionage work. It seems that they are trying to take down journalists. The recent case of Cindy confirms that these practices continue active,” she stated.

Ortiz added that this has not been the only strange situation that she has experienced. A few days ago, she received messages on her WhatsApp from a Costa Rican number with the logo of the Nicaraguan State TV channel 6.

Phishing?

A cybersecurity specialist in Costa Rica, consulted under conditions of anonymity for security reasons, pointed out that this type of action could be phishing, a cybercrime technique that uses social engineering to deceive people and obtain confidential information, like passwords or personal data.

“Nevertheless, you should not rule out that they are also sending malicious files – like happened in Ortiz's case – with the purpose of infecting computers and accessing sensitive information of the information media,” he warned.

For that reason, he recommended not opening links received by email without previously verifying that the communication really came from the sender.