Cyber Incident Victim: Agencia Nacional de Hidrocarburos
Date:
Aug 2022
Location:
Colombia
Summary
A hacktivist collective named Guacamaya leaked over 2 terabytes of internal emails and documents from multiple mining companies and environmental oversight agencies across Central and South America, including Colombia's Agencia Nacional de Hidrocarburos (ANH). The breach targeted five mining firms and two government environmental regulators, with stolen data published on Enlace Hacktivista and mirrored by transparency group DDoSecrets to expose alleged environmental exploitation by international corporations. Guacamaya cited opposition to resource extraction and pollution as motivation, continuing their pattern of targeting extractive industries after previously releasing 4.2 terabytes of similar materials that revealed corporate pollution evidence and manipulation of local governments in Guatemala.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 3, 2022, the hacktivist collective Guacamaya published over 2 terabytes of stolen emails and internal files from five mining companies and two environmental oversight agencies across Central and South America. The affected entities included Colombia’s Agencia Nacional de Hidrocarburos (ANH), Ecuador’s state mining firm ENAMI, Guatemala’s Ministerio De Ambiente y Recursos Naturales, and private corporations such as Colombia’s New Granada Energy Corporation, Chile’s Quiborax, Venezuela’s Oryx, and Brazil’s Tejucana. Guacamaya uploaded the data to Enlace Hacktivista, a platform for hacktivist communications and leaks, accompanied by a Spanish-language statement condemning environmental exploitation by international governments and corporations. The group framed the leak as an act of resistance against resource extraction and pollution, declaring, "We want them to stop, to stop once and for all exploiting, mining, polluting, that desire for dominance." Transparency collective DDoSecrets mirrored the release simultaneously, amplifying its accessibility. The attack methodology was not detailed in this specific incident, though Guacamaya had previously disclosed intrusion techniques in a March 2022 breach targeting Swiss-owned mining subsidiaries in Guatemala.
The leak represented Guacamaya’s second major action in five months, following their March 2022 release of 4.2 terabytes of data that exposed pollution and corporate espionage in Guatemala, which spurred a 65-journalist investigation coordinated by Forbidden Stories. While immediate technical responses from ANH or other victims were not documented, the scale of the breach suggested significant compromise of corporate and governmental communications. Guacamaya’s pattern of targeting extractive industries and environmental regulators indicated a sustained campaign to disrupt operations and expose alleged misconduct through data theft. The collective explicitly linked their actions to grassroots environmental resistance in an interview with Forbidden Stories, stating their role was to support "dignified rage" against ecological destruction. No restoration timelines, forensic findings, or legal repercussions for the attackers were disclosed in available reporting. The incident underscored vulnerabilities in the targeted organizations’ cybersecurity postures while advancing Guacamaya’s objective of weaponizing leaked data to influence public discourse on environmental policy.