Estado Mayor Conjunto

Estado Mayor Conjunto, known in English as the Joint Chiefs of Staff, is the highest military command body in Chile, responsible for the coordination and strategic direction of the nation's armed forces. Its core function involves integrating the operational planning and activities of the Chilean Army, Navy, and Air Force to ensure national defense and military readiness. As a central institution within the Chilean defense sector, it handles highly sensitive information pertaining to military operations, intelligence, and national security strategies. The organization's authority and scope are defined by its role in advising the government on defense policy and overseeing joint military exercises and deployments. Its headquarters in Santiago places it at the epicenter of the country's military decision-making apparatus. The nature of its work inherently involves the custody and management of classified documents and communications, making it a critical repository for state security data. The institution's mandate requires it to maintain robust protocols for information protection to safeguard operational integrity and national interests. Its position within the defense hierarchy means any compromise of its systems has profound implications for Chile's overall security posture and military effectiveness. The body operates under the ultimate authority of the Chilean Ministry of Defense, functioning as the principal staff organ for the nation's military leadership.

The 2022 cyberattack against Estado Mayor Conjunto, attributed to the Guacamaya hacker group, resulted in the exfiltration of approximately 350 gigabytes of sensitive data, including thousands of internal emails and classified attachments from various defense directorates. This incident exposed severe and systemic deficiencies in the organization's cybersecurity framework, specifically citing the use of inadequate encryption for data at rest and the improper reliance on personal cloud storage services for official, sensitive material. Furthermore, the breach was characterized by a critically delayed detection and response; Chilean authorities were only formally notified four months after the initial intrusion, despite having received prior cybersecurity warnings regarding vulnerabilities. The public disclosure of the stolen documents revealed extensive institutional security failures, leading to the resignation of several high-ranking military officials. However, this response was met with significant public and political criticism over a perceived lack of meaningful accountability for the negligence that enabled the breach. The scandal intensified existing scrutiny of the military institution, which has a historical context of corruption allegations, thereby exacerbating public distrust. The incident starkly highlighted a gap between the sensitive nature of the data under its guardianship and the practical implementation of protective measures, raising fundamental questions about its operational security culture and data governance. The fallout underscored concerns not only about data protection but also about the potential compromise of ongoing operations and strategic plans. The event serves as a definitive case study of institutional vulnerability within a critical national security entity, where the failure to enforce basic cyber hygiene directly contradicted the paramount importance of its classified information handling duties.