Hackers in South America Targeting Mining & Oil Companies

and the Armed Forces

Illustration: forbiddenstories

The cyberattack on the Armed Forces delivered by the Guacamaya group of “hacktivists”, has tested Chile’s cybersecurity, yet again.

By Victor Pilar (El Mostrador)

HAVANA TIMES – Guacamaya is a native bird species that can be found in Central and South America. On September 19th, it was also accepted as the name of the group of “hacktivists” who filtered approximately 10 terabytes of emails from different military organizations in Central and South America.

With the message, “(…) the Army and police forces of States in Abya Yala are the safeguard for US Imperialism’s domination, they safeguard the Global North’s extractivism presence,” the military class in Chile, Peru, Colombia, Mexico and El Salvador were the victims of this cyberattack.

Defenders of Abya Yala

This organization made its debut on March 6th this year, when they carried out their first cyberattack against the Guatemalan Nickel Company (CGN) and the Izabal Ltd. Nickel Processing Company (Pronico), which is also from Guatemala.

After this attack: they came forward and explained their mission: “We are all Guacamaya, every person who has been affected by the age-old invasion and plunder of Abya Yala; we are the children of those who defended Life, with life itself, we are from the south, the center, the north, the Caribbean, we are children of Mother Earth, we were, are and will be in every corner of this earth where the invader, colonist, neocolonnist, extractivism plunderer violates rights, going over and above communities, millenial cultures, exterminating forests, rivers and seas to accumulate what they believe is weath.”

According to the research paper Abya Yala Wawgeykun, by Beatriz Carrera Maldonado  and Zara Ruiz Romero for Universidad Pablo de Olavide in Seville, Spain, the concept Abya Yala means Ripe Earth, Living Earth or Earth in Bloom, and is used by the indigenous Kuna people, who live in Colombia and Panama.

During their first attack, Guacamaya defines all of the Americas as Abya Yala and adds that its main interest is to protect Mother Earth from every extractivism project that threatens millenial communities and cultures that are a part of these damaged lands. “We have resisted with sticks, arrows, stones, thoughts and spirit. We aren’t afraid because we come from the earth, and we will return to her,” they explain in a statement that was published in Guatemala’s Prensa Comunitaria.

This information was gathered after the interview that they gave to Forbidden Stories. after this attack.

The organization has only carried out four attacks up until today: three linked to environmental pollution and the latter was against America’s military organizations.


The first attack was a leak of 4.2 terabytes of documents about the Fenix mining project, which is being led by the Guatemalan Nickel Company (CGN) and the Izabal (Pronico) Nickel Processing Company, which belong to the Russian-Swiss multinational corporation Solway.

The main accusation against the Solway group was that they were killing communities from the area involved so as to set up their mining project. The document features a list of every activist that has lost their life defending their land.

Meanwhile, the “Magic Carpet Case” was leaked, which pointed out which officials in the Guatemalan Government had received bribes from Solway in order to carry out their objectives.

“Solway mining is part of the Russian, Kazach, Israeli and Ukrainian framework involved in the Magic Carpet Scandal. People from the Guatemalan Government have received millions in bribes to support Mayaniquel’s – which neighbors Solway’s FENIX mining project – mining and port interests. Russian board members of Mayaniquel are also executives at Solway and their CGN subsidiary in Guatemala.” Please see the statement on the cyberattack.

Guacamaya’s statement worked in favor of a mass project that included 65 journalists from all over the world, who managed to not only expose pollution but also efforts to manipulate local governments, and the surveillance of journalists. This project has four feature articles – including the abovementioned interview with Guacamaya – within a series called Mining Secrets.

South American mining companies

The second attack took place on August 1st and targeted mining companies in different countries in Central and South American countries, to expose the pollution and damage that is being done to communities and the land they live on.

According to CyberScoops, the affected companies are: ENAMI, Ecuador’s state-led mining company; the National Hydrocarbons Agency (ANH) in Colombia; New Granada Energy Corporation in Colombia; Quiborax, a Chilean mining company; Oryx, an oil company in Venezuela; Tejucana, a Brazilian mining company; and Guatemala’s Ministry of Environment and Natural Resources (read the statement about the attack).

Colombia’s Public Prosecutor’s Office

The third time the Guacamaya group made an appearance was on August 7th, when they leaked 5 terabytes of emails from Colombia’s Public Prosecutor’s Office.

The reason for this attack? To report that the departure point – according to them – of the Colombian State’s criminal policy begins at the Public Prosecutor’s Office, accusing it of being one of the most corrupt organizations in that country, handling proof, processes, accusations etc. in their favor. They point out its connections to business owners, public and military organizations and drug dealers (please click here to read the statement about the attack).

The Military

The group’s last attack, which we’ve heard about recently, took place on September 19th – Army Glory Day in Chile – when 10 terabytes of emails, as well as other materials from military and police forces in Chile, Colombia, Mexico, El Salvador and Peru were filtered.

They also point out in their statement – which is confirmed by CyberScoop -, that in addition to being a safeguard for US imperialism’s domination of local communities, they are also “violent, criminal forces of repression that are being deployed against their own people and its internal power hierarchies are also condemnable.”

Groups affected were: Chile’s Armed Forces; Mexico’s National Defense Secretary; El Salvador’s Civil Police and the Armed Forces from this country too; Colombia’s Command of Military Forces; the Joint Command of Peru’s Armed Forces and Army (please read the statement about the attack).

“Zero confirmation about the group’s origins”

Despite what they’ve explained in their statements and what the press has “outlined” about Guacamaya, experts on the subject need to explain that there hasn’t been an accurate confirmation about its orgiins.

According to co-founder and CEO of 8.8 Computer Security Conference, Gabriel Bergel, it’s key to think about cybersecurity exitsting on different levels of groups that want to soak in certain information, from cyberdelinquents to activists. Based on this, the expert doesn’t believe we need to confirm where this group comes from, given the fact that it’s appearing on the national stage now.

Bergel expands on his idea, comparing this case with what happened in 2018 with the Lazarus group’s attack, where they attacked national banks and managed to establish that they were dealing with a North Korean military group, and what happened with the Shadow Brokers Group, who assumed they were Russian, but ended up being South American in the end.

“We haven’t been able to confirm everything yet, just like we haven’t been able to identify the reason for the attack in this case. That’s because what people tend to do in these kinds of situations is forensic analysis. It’s the same thing the police do when there’s been a murder,” CEO of 8.8 Computer security Conference explains.

Read more from Chile here on Havana Times