Guacamaya (hacktivist group)
Guacamaya is an international group of hackers that has published anonymous reports and leaked sensitive files in the public interest through Distributed Denial of Secrets and Enlace Hacktivista. It operates mainly in Central and Latin America and to date has hacked major corporations and the governments of Chile, Colombia, El Salvador, Guatemala, Mexico and Peru.
Motivation
The group says they're motivated by anti-imperialism and environmentalism, and that they fight against transnational corporations and external intervention in Latin America, singling out extractivism and the armed forces and the defense of natural resources and native communities.The group said they wanted to expose companies and governments, "so that everyone knows their way of operating, their actions, their profits and the interest that is clearly to profit no matter the damage they cause." Guacamaya told Motherboard in an email. "These hacks are another form of struggle and resistance, they are the continuation of an ancestral legacy; taking care of life. We hope to cause more people to join, to leak, sabotage, and hack these sources of oppression and injustice, so that the truth be known and that it is the people who decide to end it." They told Cyberscoop that they target "anything that represents oppressive states, multinational corporations and, in short, anything that supports this system of death."
Hacks
Attacks on transnational companies
In 2022, the group said they were responsible for a series of cyberattacks aimed at large mining companies in Latin America, including the Colombian oil company New Granada Energy Corporation, the Brazilian mining company Tejucana, the Venezuelan oil company Oryx Resources, the Ecuadorian state-owned mining company ENAMI EP, and the Chilean boric acid producer Quiborax.2022 Guatemalan Nickel Company Hack
In March 2022, Guacamaya first became known by hacking the mining company Compañía Guatemalteca de Níquel, a subsidiary of Solway Investment Group. The leaked documents reveal payments to Guatemalan Police who persecuted and detained activists and journalists who opposed the "Fénix" mining project in El Estor, Guatemala.Operation Fuerzas Represivas
In mid-2022, the group announced Operation Fuerzas Represivas, a series of cyberattacks aimed at the armed forces of Chile, Colombia, Mexico, Peru, and El Salvador.Hacking of the Joint Chiefs of Staff of Chile in 2022
In 2022, the Chilean press reported on the hacking of the Chilean Joint Chiefs of Staff, a massive leak of national security data. The leak was made up of emails sent and received between 2012 and May 2022 by EMCO, the agency in charge of intelligence, operations and logistics for national defence purposes. General Guillermo Paiva Hernández, head of the country’s Joint Chiefs of Staff, resigned in response to the leak.Hacking of Mexico's National Defense Ministry (SEDENA) in 2022
On September 29, 2022, Mexican journalist Carlos Loret de Mola announced on his newscast that he had received six terabytes of hacked data from the Mexican Ministry of National Defense. The leak, which contains internal communications and documents from the army's email servers from 2010 to 2022, is considered the largest in the history of Mexico. Citing privacy concerns, the Guacamaya group categorized the data set as limited distribution. Journalists and organizations seeking access must provide credentials and agree to reproduce the records responsibly.Known as the "SEDENA Leaks" or the "Guacamaya Leaks," the data set reveals the Mexican military's links to criminal organizations and the army's surveillance of opposition groups, politicians, journalists, and activists. Among the revelations, the leaks demonstrate widespread sexual abuse within the army and the targeting of feminists groups as subversive organizations that pose a threat equal to cartels. They also show the military's use of the Pegasus spyware and its deployment against journalists, human rights activists, and government officials. The leak reveals new details of the army's role in the Ayotzinapa case where forty-three students were forcibly disappeared. Information on the health of President Andrés Manuel López Obrador, army contracts for the construction of the Mayan train, and the military's development of a tourist business, including parks, a national airline, museums, and hotels are also included in the leaked data.
The Mexican government's response to the hack has attempted to minimize and even deny the revelations. López Obrador, whose presidential campaign promised to end state surveillance of private citizens, continues to insist that his administration "does not spy."