Guacamaya

Also known as: Guacamaya

Guacamaya is an international hacktivist group operating mainly in Central and Latin America. It has published anonymous reports and leaked sensitive files via Distributed Denial of Secrets and Enlace Hacktivista. The group states that it is motivated by anti-imperialism and environmentalism, and that it targets transnational corporations, extractive industries, armed forces, and state institutions it views as oppressive. Guacamaya told media outlets that it aims to expose how companies and governments operate and to encourage leaking, sabotage, and hacking. The group is described as having hacked major corporations and the governments of Chile, Colombia, El Salvador, Guatemala, Mexico, and Peru.

In 2022, it claimed responsibility for cyberattacks against mining and energy companies in Latin America, including New Granada Energy Corporation, Tejucana, Oryx Resources, ENAMI EP, and Quiborax. In March 2022, it became widely known after hacking Compañía Guatemalteca de Níquel (CGN), a subsidiary of Solway Investment Group; the leak allegedly revealed payments to Guatemalan Police connected to persecution and detention of activists and journalists opposing the Fénix mining project in El Estor, Guatemala.

In mid-2022, Guacamaya announced “Operation Fuerzas Represivas,” a series of cyberattacks aimed at the armed forces of Chile, Colombia, Mexico, Peru, and El Salvador. High-profile operations attributed to the group include the 2022 compromise of Chile’s Joint Chiefs of Staff (EMCO), which led to a massive leak of national security data and the resignation of General Guillermo Paiva Hernández; the 2022 “SEDENA Leaks” involving six terabytes of hacked data from Mexico’s Ministry of National Defense, including internal communications and documents from army email servers spanning 2010 to 2022; and a 2022 leak of military intelligence data from Peru’s Joint Command of the Armed Forces.

The SEDENA leak was described as revealing alleged links between the Mexican military and criminal organizations, surveillance of opposition groups, politicians, journalists, and activists, use of Pegasus spyware, details related to the Ayotzinapa case, information about President Andrés Manuel López Obrador’s health, and military contracts related to the Mayan Train.

In November 2023, the OCCRP-led “NarcoFiles” investigation was based on more than seven million emails from Colombia’s prosecutor’s office that were reportedly hacked by Guacamaya.

The available content identifies Guacamaya as a hacktivist group; it does not directly attribute it to a nation state. One source also notes that Guacamaya’s name and unofficial proxies may have been used as a smokescreen to obscure the real perpetrators in an unrelated El Salvador biometric data breach.

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • Military

Where they target

Geographies tied to known operations.

  • 🇲🇽 Mexico