Cyber Incident Victim: Tejucana
Date:
Aug 2022
Location:
Brazil
Summary
A hacktivist collective named Guacamaya leaked over 2 terabytes of internal emails and documents from multiple mining firms, including Brazilian company Tejucana, as well as environmental oversight agencies in Colombia and Guatemala. The group publicly released the materials through Enlace Hacktivista and transparency platform DDoSecrets, denouncing environmental exploitation and pollution by international corporations operating in Central and South America. This followed their earlier release of 4.2 terabytes of data from mining subsidiaries that revealed corporate pollution, government manipulation, and journalist surveillance, which subsequently fueled a global investigative journalism collaboration. Guacamaya framed their actions as digital resistance against resource extraction and ecological harm, aligning with local communities' struggles.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 3, 2022, the hacktivist collective Guacamaya published over 2 terabytes of stolen emails and internal files from seven organizations across Central and South America, including Brazilian mining firm Tejucana. The data dump targeted five mining companies and two government environmental agencies—Colombia’s Agencia Nacional de Hidrocarburos and Guatemala’s Ministerio De Ambiente y Recursos Naturales—with materials posted to Enlace Hacktivista, a platform for hosting activist leaks. Guacamaya’s Spanish-language communique accused international governments and corporations, specifically naming U.S. entities, of exploiting regional resources while demanding an end to mining, pollution, and corporate dominance. The leak included data from Ecuador’s state mining company ENAMI, Colombia’s New Granada Energy Corporation, Chile’s Quiborax, Venezuela’s Oryx, and Tejucana. Transparency group DDoSecrets simultaneously mirrored the release, amplifying its accessibility. This marked Guacamaya’s second major action in five months, following a March 2022 breach of Swiss-owned mining subsidiaries that yielded 4.2 terabytes of data documenting pollution in Guatemala.
The August leak exposed operational communications and internal documents but did not specify Tejucana’s unique compromises. Guacamaya’s prior intrusion methods, revealed in an instructional video after their March attack, detailed system infiltration and data exfiltration techniques, though no equivalent technical disclosure accompanied the August release. The collective framed both operations as acts of resistance against environmental destruction, telling Forbidden Stories in March that hackers must support “dignified rage” against extractive industries. The earlier breach catalyzed a global investigative project involving 65 journalists, revealing corporate pollution, government manipulation, and journalist surveillance. While the August leak’s immediate investigative outcomes weren’t detailed in available reporting, its scale and inclusion of regulatory agencies suggested potential impacts on oversight credibility and corporate accountability. Guacamaya’s recurring focus on mining firms underscored sustained hacktivist scrutiny of the sector’s environmental practices in Latin America.