Menu
Browse

Cyber Threat Actor: Guacamaya

Aliases: 4 aliases
Actor Type Location Known Incidents
 Icon
Activist
Ecuador
13 incidents
Profile

Guacamaya, also known as GuacamayaLeaks or the Guacamaya Collective, is a hacktivist group operating primarily in Latin America, with publicly noted activity linked to Ecuador. The collective focuses on exposing perceived environmental exploitation, governmental corruption, and military repression through cyber intrusions and data leaks. Their name derives from a type of bird, symbolizing a connection to ecological causes. Guacamaya publicly frames its actions as resistance against resource extraction and ecological harm, emphasizing solidarity with affected communities and advocating for revolutionary change through digital activism.

The group systematically targets sectors and entities associated with environmental regulation, extractive industries, and military or police organizations across Central and South America. Their operations have compromised state mining companies in Ecuador and Chile, oil firms in Venezuela and Brazil, environmental oversight agencies in Colombia and Guatemala, and military institutions in Mexico, El Salvador, and other regional nations. Strategic objectives center on disruption and exposure rather than financial gain, aiming to unveil corporate pollution, governmental surveillance, military misconduct, and corruption. Leaked materials often reveal internal communications, operational details, and evidence of environmental damage, which Guacamaya disseminates to spur investigative journalism or public scrutiny.

Notable tactics include exploiting software vulnerabilities like Microsoft’s ProxyShell for initial access, as seen in their breach of multiple regional militaries. They exfiltrate large volumes of sensitive data—often terabytes of emails and documents—and publish findings through platforms such as Enlace Hacktivista, while collaborating with transparency groups like Distributed Denial of Secrets (DDoSecrets) to amplify reach. Representative campaigns include the August 2022 leaks of military documents from Mexico’s Secretaría de la Defensa Nacional and other armed forces, exposing surveillance operations and internal disputes, alongside a simultaneous release of mining company data revealing corporate pollution across six countries. Another operation in March 2022 involved leaking 4.2 terabytes from Swiss-owned mining subsidiaries, which fueled international investigative reporting on environmental misconduct in Guatemala. Guacamaya selectively withholds data that could endanger individuals, reflecting a stated intent to avoid collateral harm while maximizing political impact.

Incidents
Attributed incidents available to members
13 incidents
Sources
Sources available to members
1 source