Cyber Incident Victim: Bolivian Army
Date: Feb 2016
Location: Bolivia
Summary
A group of Latin American hackers compromised the Bolivian Army's email servers via a known Zimbra exploit and weak configurations, exfiltrating and leaking internal communications, officer details, and passwords. The exposed data contained routine administrative correspondence and publicly accessible personnel information but no classified military material. Attackers cited institutional corruption as motivation, continuing a pattern of cyber operations between Chilean actors and Bolivian entities historically linked to geopolitical tensions. The incident occurred amid incomplete national efforts to enhance digital sovereignty through a planned secure cloud infrastructure following prior breaches targeting government agencies.
Description
In February 2016, a group of four hackers—identified as Hanom1960, members of the Chilean Hackers crew, and Hazzard—breached the Bolivian Army’s official email servers. The attackers exploited a known vulnerability in the Zimbra email service hosted on VMware infrastructure, facilitated by inadequate security configurations. After gaining access, they downloaded internal email communications and subsequently leaked portions of the data online. The dumped material included routine correspondence among army officers, such as conference invitations, activity reviews, and documents awaiting printing. Additionally, the hackers extracted and published lists containing officers’ names, positions, and email addresses, though some of this information was already publicly accessible through search engines. Following the initial leak, the attackers tweeted credentials, including passwords, linked to specific army email accounts. The hackers cited the Bolivian Army’s documented history of institutional corruption as their primary motivation for the intrusion, though they did not reference ongoing geopolitical tensions between Bolivia and Chile.

The breach did not compromise classified military operations or state secrets, but it exposed systemic vulnerabilities in Bolivia’s digital infrastructure. The incident mirrored prior cyberattacks by Chilean hacking groups targeting Bolivian entities, including the Ministry of Communication, Police, and Navy websites, which had previously been linked to a maritime territorial dispute. In response to these earlier incidents, Bolivia had announced plans in February 2015 to develop a "sovereign cloud" infrastructure to secure government data, with completion slated for early 2017. However, the project remained incomplete at the time of the 2016 email server breach, leaving critical systems reliant on outdated or misconfigured services. The Bolivian Army did not publicly disclose remediation efforts following the hack, though the exposure of administrative credentials and internal communications underscored operational security deficiencies. The incident highlighted persistent regional cyber hostilities and institutional delays in implementing defensive measures despite allocated funding and public commitments to modernization.
