Executive Summary
The Guacamaya group is a fairly new hacktivist group based in Latin America.
The group was first seen around March 2022 as they released sensitive data of several companies based in Chile, Ecuador, Brazil and Colombia.
As mentioned, the group is mainly focusing on LATAM but dabbles every now and then with campaigns in Russia.
The group is defined as a data leakage threat group, which means they do not encrypt but only leak the stolen data, often they do it for free.
Background
As mentioned, Guacamaya is a hacktivist group, and like other hacktivist groups, they are focusing their attention on both conflict-based regions or driven by another agenda such as environmental issues.
As mentioned, the group emerged on March 2022, and although some speculations claimed that the group might be connected in any way to Lapaus, it was quickly denied by the group and its followers.
Victimology
When it comes to specific sectors, the group is focusing on two main sectors: government-related and manufacturing sectors. Recently, the group also targeted a mining company
these two sectors are the prey for most hacktivists groups and in our case, it is no different. Guacamaya targets any government and military entity throughout LATAM that they believe is involved in corruption activity, and manufacturing companies that they accuse of being responsible for pollution or not obeying environmental regulations.
Communication Channels
The group doesn’t operate any Twitter accounts like a lot of hacktivists groups but there is a supporters commentary Twitter account that publishes their campaigns and acts as their voice. In addition, the group uses the two popular leak repositories sites “DDoS Secrets” and “Enlace Hacktivista” which is where they share their stollen data (Figure 1).
