Cyber Incident Victim: ENAMI
Date:
Aug 2022
Location:
Ecuador
Summary
A hacktivist collective named Guacamaya leaked over 2 terabytes of emails and internal documents from multiple mining companies and environmental agencies across Central and South America, including an Ecuadorian state mining entity, aiming to expose alleged environmental exploitation and pollution by international firms and governments. The data, published via Enlace Hacktivista and promoted by transparency group DDoSecrets, revealed operational details and followed the group’s prior release of 4.2 terabytes from mining subsidiaries linked to environmental harm in Guatemala, which had spurred a global investigative journalism collaboration. Guacamaya described their actions as resistance against resource plundering, emphasizing solidarity with communities affected by extractive industries and framing hacking as a tool for revolutionary change.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 3, 2022, the hacktivist collective Guacamaya published over 2 terabytes of stolen emails and internal files from five mining companies and two environmental oversight agencies across Central and South America. The data dump targeted Ecuador’s state mining company ENAMI, Colombia’s National Hydrocarbons Agency (ANH), New Granada Energy Corporation (Colombia), Quiborax (Chile), Oryx (Venezuela), Tejucana (Brazil), and Guatemala’s Ministry of Environment and Natural Resources. Guacamaya uploaded the materials to Enlace Hacktivista, a platform designed for hosting hacktivist leaks, alongside a Spanish-language communiqué condemning environmental exploitation by international corporations and governments. The group framed the attack as resistance against resource extraction and pollution, declaring, "We want them to stop, to stop once and for all exploiting, mining, polluting, that desire for dominance." Transparency collective DDoSecrets mirrored the release simultaneously, broadening public access to the data. This incident followed Guacamaya’s March 2022 breach of Swiss-owned mining subsidiaries in Guatemala, which yielded 4.2 terabytes of data revealing pollution evidence, corporate surveillance of journalists, and attempts to influence local governments.
The leaked materials provided documented evidence of environmental damage and corporate misconduct, contributing to investigative projects like Forbidden Stories’ "Mining Secrets," which involved 65 journalists globally. Guacamaya’s August release expanded the scope of exposed entities, emphasizing regional environmental governance failures. The collective had previously detailed their intrusion methods via an instructional video after the March hack and granted interviews explaining their motive: to support communities resisting extractive industries. While the immediate operational disruptions to the affected organizations were unspecified, the breaches inflicted reputational damage and amplified scrutiny of their environmental practices. DDoSecrets’ involvement ensured sustained visibility for the leaks, aligning with its mission to disseminate hacked materials deemed in the public interest. Guacamaya’s consistent focus on mining and hydrocarbon entities underscored their strategy of using digital intrusions to advance environmental activism across Latin America.