Cyber Incident Victim: Oryx
Date: Aug 2022
Location: Venezuela
Summary
A hacktivist collective named Guacamaya leaked over 2 terabytes of internal emails and files from multiple mining and oil entities, including Venezuelan firm Oryx, along with environmental oversight agencies in Colombia and Guatemala. The breach aimed to expose alleged environmental exploitation and pollution by international corporations and governments, with materials disseminated via Enlace Hacktivista and transparency group DDoSecrets. This followed the group’s prior release of 4.2 terabytes from Swiss mining subsidiaries, which fueled a global investigative project revealing corporate misconduct and surveillance. Guacamaya framed their actions as resistance against resource extraction and ecological harm, advocating for revolutionary change through digital activism.
Description
On August 3, 2022, the hacktivist collective Guacamaya published over 2 terabytes of stolen emails and internal files from five mining companies and two environmental regulatory agencies across Central and South America. The compromised entities included Ecuador’s state mining company ENAMI, Colombia’s National Hydrocarbon Agency (ANH), New Granada Energy Corporation (Colombia), Quiborax (Chile), Oryx (a Venezuelan oil company), Tejucana (Brazil), and Guatemala’s Ministry of Environment and Natural Resources. Guacamaya uploaded the data to Enlace Hacktivista, a platform for hacktivist communications and leaks, accompanied by a Spanish-language statement condemning environmental exploitation by international corporations and governments. The group framed the leak as an act of resistance against mining pollution and resource extraction, declaring, “We want them to stop, to stop once and for all exploiting, mining, polluting, that desire for dominance.” Transparency collective DDoSecrets mirrored the release simultaneously, amplifying its dissemination.

This incident followed Guacamaya’s March 2022 breach of Swiss-owned mining subsidiaries, which yielded 4.2 terabytes of data exposing pollution evidence, corporate surveillance of journalists, and efforts to influence local governments. That earlier leak had catalyzed a collaborative investigation by Forbidden Stories involving 65 journalists globally. Guacamaya had publicly documented their intrusion methods via an instructional video and granted interviews explaining their hacktivist philosophy, stating their role was to support “dignified rage” against exploitation. The August leak extended their targeting to include Oryx and other firms, though technical specifics of the new breaches were undisclosed. No victim responses or containment measures were detailed in available reporting. Impacts centered on reputational exposure and operational transparency for the affected entities, with Guacamaya leveraging data theft to advance environmental activism through coordinated media partnerships.
