Menu
Browse

Cyber Threat Actor: Enlace Hacktivist

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Mexico
2 incidents
Profile

Enlace Hacktivist, also referred to as the Enlace Hacktivist Collective, is a hacktivist group that has been publicly associated with operations originating from Mexico. The collective uses the aliases Enlace Hacktivist and Enlace Hacktivist Collective in open‑source reporting and is noted for its focus on exposing what it perceives as harmful surveillance capabilities. No further details about its size, internal structure, or financial resources are available in the provided material.

In January 2023 the collective was credited with leaking approximately 1.7 terabytes of data from the digital forensics firm Cellebrite. The leaked package included proprietary software suites, technical guides, and specific tools such as the UFED device that law enforcement agencies use to extract information from mobile phones. According to the reporting, the exfiltration was facilitated by a whistleblower who provided insider access, after which the data was distributed through torrent networks and shared on platforms like DDoSsecret. The disclosure prompted renewed debate about the potential misuse of Cellebrite’s technology against journalists, activists, and dissidents in various countries.

The operation demonstrates that the group’s observed targeting has included a company that supplies digital forensics solutions to law enforcement and intelligence entities worldwide. By focusing on a firm whose products are employed by governmental clients across multiple regions, the collective effectively aimed at a target with a broad international customer base. No additional sectors or geographic patterns are described in the source material beyond this single incident.

Regarding tactics, techniques, and procedures, the only explicitly referenced initial access vector is the involvement of a whistleblower who provided privileged information to the actors. The collective’s subsequent actions centered on the exfiltration and public distribution of the stolen data, utilizing file‑sharing methods such as torrents and the DDoSsecret repository. No malware families, exploit kits, or specific tooling styles are mentioned in the available reports.

Attribution information is limited to the group’s self‑identified nature as a hacktivist collective with a known association to Mexico. The sources do not indicate any state sponsorship, links to criminal syndicates, or affiliations with larger hacker alliances. Consequently, the public record presents Enlace Hacktivist as an ideologically motivated actor that has carried out a notable data‑leak operation against a digital forensics provider without further detail on its broader campaign history.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source