Hackers in South America targeting mining and oil companies

and the armed forces

Illustration: forbidden stories

The cyberattack on the armed forces carried out by the group of “hacktivists” Guacamaya has once again put Chile’s cybersecurity to the test.

By Victor Pilar (El Mostrador)

HAVANA TIMES – Guacamaya is a native bird species found in Central and South America. On September 19, it was also accepted as the name of the group of “hacktivists” who filtered around 10 terabytes of emails from different military organizations in Central and South America.

With the message “(…) the army and the police forces of the States in Abya Yala are the safeguard of the domination of the American imperialism, they safeguard the presence of the extractivism of the global North”, the military class in Chile , Peru, Colombia, Mexico and El Salvador were the victims of this cyberattack.

Defenders of Abya Yala

This organization made its debut on March 6 of this year, when it carried out its first cyberattack against the Guatemalan Nickel Company (CGN) and Izabal Ltd. Nickel Processing Company (Pronico), also from Guatemala.

After this attack: they introduced themselves and explained their mission: “We are all Guacamaya, every person who has been affected by the centuries-old invasion and looting of Abya Yala; we are the children of those who defended Life, with life itself, we are from the south, from the center, from the north, from the Caribbean, we are children of Mother Earth, we were, are and will be in all the corners of this land where the invader, the settler, the neocolonist, the looter of extractivism violates rights, goes beyond communities, millennial cultures, exterminates forests, rivers and seas to accumulate what ‘they believe to be wealth.

According to the research paper Abya Yala Wawgeykunby Beatriz Carrera Maldonado and Zara Ruiz Romero for Pablo de Olavide University in Seville, Spain, the concept Abya Yala stands for Ripe Earth, Living Earth or Earth in Bloom, and is used by the indigenous Kuna people, who live in Colombia and Panama.

In their first attack, Guacamaya defines all of the Americas as Abya Yala and adds that its main interest is to protect Mother Earth from any extractive projects that threaten the millennial communities and cultures that are part of these damaged lands. “We resisted with sticks, arrows, stones, thoughts and spirit. We are not afraid because we come from the land and we will return to it,” they explain in a statement published in the Guatemalan newspaper Prensa Comunitaria.

This information was collected after the interview they granted to Forbidden stories. after this attack.

The organization has only carried out four attacks so far: three related to environmental pollution and the last against American military organizations.


The first attack was a leak of 4.2 terabytes of documents on the Fenix ​​mining project, run by the Guatemalan Nickel Company (CGN) and the Izabal (Pronico) Nickel Processing Company, which are owned by the Russian-Swiss multinational Solway.

The main accusation against the Solway group was that they were killing the communities in the area concerned in order to set up their mining project. The document contains a list of all the activists who have lost their lives defending their land.

Meanwhile, the “Magic Carpet Affair” was leaked, indicating which Guatemalan government officials received bribes from Solway in order to achieve their goals.

“Solway Mining is part of the Russian, Kazakh, Israeli and Ukrainian cadre implicated in the magic carpet scandal. Members of the Guatemalan government have received millions in bribes to support mining and port interests in Mayaniquel, a neighbor of Solway’s FENIX mining project. The Russian members of Mayaniquel’s board of directors are also executives of Solway and their subsidiary CGN in Guatemala. Please see the statement on the cyberattack.

Guacamaya’s declaration worked in favor of a mass project that included 65 journalists from around the world, who succeeded not only in exposing the pollution, but also the manipulation efforts of local governments and the surveillance of journalists. This project includes four feature articles – including the aforementioned interview with Guacamaya – in a series titled Mining Secrets.

South American mining companies

The second attack took place on August 1 and targeted mining companies in different countries in Central and South America, to expose the pollution and damage caused to the communities and lands they live on.

According to CyberScoops, the companies involved are: ENAMI, the Ecuadorian state-owned mining company; the National Hydrocarbons Agency (ANH) in Colombia; New Granada Energy Corporation in Colombia; Quiborax, a Chilean mining company; Oryx, an oil company in Venezuela; Tejucana, a Brazilian mining company; and the Guatemalan Ministry of Environment and Natural Resources (Lily statement on the attack).

Public Prosecutor’s Office of Colombia

The third time the Guacamaya group made an appearance was on August 7, when it leaked 5 terabytes of emails from the Colombian prosecutor’s office.

The reason for this attack? To point out that the starting point – according to them – of the criminal policy of the Colombian State begins with the Public Ministry, accusing it of being one of the most corrupt organizations in this country, manipulating evidence, trials, charges, etc. in their favor. They point to his ties to business owners, public and military organizations, and drug traffickers (please Click here read the statement on the attack).

The military

The group’s latest attack, which we heard of recently, took place on September 19 – Day of Glory for the Army in Chile – when 10 terabytes of emails, as well as other documents from the military and police forces of the Chile, Colombia, Mexico, El Salvador and Peru were filtered out.

They also point out in their statement – which is confirmed by CyberScoop -, that in addition to being a safeguard for the domination of US imperialism over local communities, they are also “violent and criminal forces of repression that are deployed against their own people and their internal power hierarchies are also punishable”.

The groups concerned were: the Chilean Armed Forces; the Secretary of National Defense of Mexico; The civilian police of El Salvador and the armed forces of that country as well; the Colombian Command of Military Forces; the Joint Command of the Armed Forces and the Army of Peru (please read statement on the attack).

“Zero confirmation on the origins of the group”

Despite what they have explained in their statements and what the press has “described” about Guacamaya, experts in the field must explain that there has been no precise confirmation of its origins.

According to 8.8 Computer Security Conference co-founder and CEO Gabriel Bergel, it’s essential to think about cybersecurity at different levels of groups who want to soak up certain information, from cybercriminals to activists. Based on this, the expert does not think we need to confirm where this group came from, given that it is now appearing on the national scene.

Bergel elaborates on his idea, comparing this case with what happened in 2018 with the Lazarus group attack, where they attacked national banks and managed to establish that they were dealing with a North Korean military group, and what happened with the Shadow Brokers Group, who assumed they were Russian, but ended up being South American.

“We have not yet been able to confirm everything, just as we have not been able to identify the reason for the attack in this case. This is because what people tend to do in these kinds of situations is forensic analysis. It’s the same thing the police do when there’s been a murder,” explains the CEO of 8.8 Computer Security Conference.

Read more about Chile here on Havana Times