Outpost24 has released a new threat intelligence blog on Guacamaya, a hacktivist group acting against the abuse of the territory and the indigenous people of Central America.
Their main objective is exfiltrating information about companies or organizations performing unjust actions against the indigenous people or territory.
Guacamaya has been acting in defense of the indigenous people of the Abya Yala territory. This is the name that the Native American Guna people, who inhabit the geographic region between what is now northwest Colombia and southeast Panama, have used since pre-Columbian times to refer to the American continent.
Guacamaya was first spotted on March 6, 2022, after sending a statement to the sharing platform “Enlace Hacktivista” that introduced the group and announced its first action against the company CGN-Pronico, which operates the Fenix mine in Guatemala, with a history of human rights abuses and environmental damage.
The group gains access to networks with open-source tools, then establishes persistence and exfiltrates sensitive information. They try to exploit public-facing applications and compromise employees’ credentials through password spraying, phishing, or checking against known breaches; the employees’ email addresses are often obtained through LinkedIn. Once access is obtained, Guacamaya proceeds to download information, such as emails and files.
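Password spraying, one of the credential attacks named above, shows up in authentication logs as a single source failing against many accounts with only one or two attempts each. The detection logic below is an added example, not taken from the Outpost24 report; the log format, thresholds, function names and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): "ISO-timestamp source_ip username result"
SAMPLE_LOG = """\
2024-01-15T09:00:01 203.0.113.7 alice FAIL
2024-01-15T09:00:04 203.0.113.7 bob FAIL
2024-01-15T09:00:09 203.0.113.7 carol FAIL
2024-01-15T09:00:15 203.0.113.7 dave FAIL
2024-01-15T09:00:21 203.0.113.7 erin SUCCESS
2024-01-15T09:05:00 198.51.100.20 frank FAIL
2024-01-15T09:05:05 198.51.100.20 frank FAIL
2024-01-15T09:05:09 198.51.100.20 frank FAIL
2024-01-15T09:05:14 198.51.100.20 frank FAIL
2024-01-15T09:05:20 198.51.100.20 frank SUCCESS
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(log, min_accounts=4, max_per_account=2,
                 window=timedelta(minutes=30)):
    """Flag sources that fail against many accounts, few tries per account."""
    fails, wins = defaultdict(list), defaultdict(list)
    for ts, ip, user, result in parse(log):
        (fails if result == "FAIL" else wins)[ip].append((ts, user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            # Many accounts, few tries each: spraying, not one user mistyping.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                first = events[start][0]
                # A success from the same source afterwards is a likely compromise.
                hit = sorted({u for t, u in wins[ip] if t >= first})
                findings[ip] = {"targets": sorted(per_user), "compromised": hit}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The second source in the sample, which repeatedly fails against one account before succeeding, is deliberately not flagged: it matches a mistyped password or a single-account brute force, which needs a different rule.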
Guacamaya also has a destructive goal, since they carry out sabotage actions. Exfiltrated information is publicly shared through Distributed Denial of Secrets, a non-profit whistleblower site run by a collective of journalists devoted to enabling the free transmission of data in the public interest, or directly through links on the Enlace Hacktivista platform.
Their targets include Colombia’s Attorney General’s office, the armies of Mexico, Peru and El Salvador, and more recently the drug cartels in Yucatan.
*Guacamaya’s Activity Map from the Threat Context module