Cyber Incident Victim: Estado Mayor Conjunto

Date: May 2022

Location: Chile

Summary

A cyberattack targeting Chile's Estado Mayor Conjunto compromised thousands of sensitive defense documents, exposing approximately 350 GB of data including emails and classified attachments. The breach, attributed to the Guacamaya hacker group, exploited systemic vulnerabilities such as inadequate encryption, reliance on personal cloud storage for sensitive data, and delayed detection—authorities were notified four months post-incident despite prior cybersecurity warnings. The attack revealed extensive institutional security failures, prompting high-level resignations but drawing criticism over insufficient accountability measures. Public scrutiny intensified due to the military's history of corruption scandals and perceived negligence in safeguarding national security infrastructure, exacerbating concerns over operational readiness and data protection protocols.

Description

The cyber incident targeting Chile's Estado Mayor Conjunto (EMCO) was publicly disclosed in September 2022, though forensic analysis indicated the initial breach occurred around May 16, 2022. Attackers affiliated with the hacktivist group Guacamaya infiltrated EMCO's systems, exfiltrating approximately 350 gigabytes of data comprising over 380,000 emails and 10,000 files. The compromised material included sensitive military communications, operational reports, intelligence assessments, and internal administrative documents spanning multiple defense sectors. EMCO leadership failed to detect the intrusion internally; the breach was only confirmed after Guacamaya began leaking documents to international media outlets in mid-September. This four-month gap between compromise and discovery allowed attackers prolonged access to unsecured networks.

The breach exposed systemic cybersecurity deficiencies, including reliance on commercial email platforms like Gmail for sensitive communications and improper storage of classified materials on consumer cloud services such as Dropbox. Forensic investigations revealed inadequate encryption protocols for classified documents and insufficient network monitoring capabilities. Primary impacts included disclosure of military procurement details, intelligence-gathering methodologies, and internal assessments of domestic security threats. The incident triggered the resignation of General Guillermo Paiva, then-head of EMCO, due to delayed reporting of the breach to Defense Minister Maya Fernández. Judicial authorities opened multiple investigations into potential negligence under national security statutes, though no criminal charges had been filed as of the latest available reports. Operational consequences included temporary suspension of digital communications across multiple defense branches and accelerated adoption of encrypted messaging systems. The breach compounded existing public distrust in military institutions following prior corruption scandals, notably the Milicogate misappropriation case. No definitive attribution to state-sponsored actors was confirmed by Chilean authorities despite speculation regarding foreign involvement in public commentary.
