Cyber Incident Victim: Ministerio De Ambiente y Recursos Naturales
Date:
Aug 2022
Location:
Guatemala
Summary
A hacktivist collective named Guacamaya leaked over 2 terabytes of emails and files from multiple mining companies and environmental agencies, including Guatemala's environmental ministry, to expose alleged environmental exploitation by international entities. The data, published via Enlace Hacktivista and shared by transparency group DDoSecrets, revealed operational details and environmental concerns. This incident followed the group's prior release of 4.2 terabytes of similar materials from mining subsidiaries, which had facilitated international investigative reporting on pollution and corporate misconduct in the region.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 3, 2022, the hacktivist collective Guacamaya published over 2 terabytes of stolen emails and internal files from five mining corporations and two environmental regulatory agencies across Central and South America. The breach targeted Guatemala’s Ministerio De Ambiente y Recursos Naturales alongside entities in Colombia, Ecuador, Chile, Venezuela, and Brazil, including Ecuador’s state mining company ENAMI, Colombia’s hydrocarbon agency ANH, and private firms such as Quiborax and New Granada Energy Corporation. Guacamaya uploaded the data to Enlace Hacktivista, a platform dedicated to hosting hacktivist leaks and communiques, accompanied by a Spanish-language statement condemning environmental exploitation by international governments and corporations. The group framed the leak as an act of resistance against mining pollution and resource extraction, declaring, “We want them to stop, to stop once and for all exploiting, mining, polluting, that desire for dominance.” Transparency collective DDoSecrets simultaneously mirrored the release, amplifying its accessibility. The leaked materials reportedly contained corporate communications, operational documents, and internal correspondence, though specific technical details of the breach method were not disclosed in this incident.
This attack followed a prior operation in March 2022, when Guacamaya exfiltrated 4.2 terabytes of data from subsidiaries of a Swiss investment group operating in Guatemala, revealing evidence of pollution, corporate surveillance of journalists, and efforts to influence local governments. The earlier leak had catalyzed a collaborative investigation by Forbidden Stories, involving 65 journalists globally, which published findings under the “Mining Secrets” project. After the March incident, Guacamaya released a video tutorial detailing their intrusion techniques and granted an interview explaining their ideological motivation, stating that hackers should support “dignified rage” against extractive industries. The August 2022 leak expanded this campaign, targeting additional entities but replicating the strategy of pairing data dumps with public statements to pressure corporations and regulators. No remediation efforts or responses from the Guatemalan ministry or other affected organizations were documented in the available sources. The primary confirmed impacts were reputational exposure for the entities involved and the dissemination of internal data to journalists and advocacy groups.