Guacamaya Leaks: The Major Cyberattack on Latin American Cybersecurity in 2022

Cybersecurity threats affect all types of users. From home users to large companies or governments, they are all targets of hacker groups looking to seize valuable and sensitive information. One of these threats is the recent case of Guacamaya Leaks in 2022.

Guacamaya Leaks takes its name from the activist hacker group known as Guacamayas, which last year carried out one of the most significant government cyberattacks of the year. Sensitive and public-interest documents were leaked, placing the cybersecurity systems of the region under scrutiny.

Details of Guacamaya Leaks

The Guacamaya group identifies itself as a collective against the militarization of Latin America. This hacktivist group seeks justice by revealing confidential government information as a form of protest.

Let’s look at the timeline of their attacks on Latin American governments in 2022 to get a complete picture of their scope:

  • March: Hacking and leaking of documents from the Solway mining company in Guatemala. The documents revealed the company’s ties to Russian, Kazakh, Israeli, and Ukrainian capital involved in the "La Alfombra Roja" scandal, which implicated large-scale bribery.
  • May: Massive hacking of Chile’s General Staff and exposure of 400,000 emails received between 2012 and May 2022. These emails were related to defense, cybersecurity strategies, satellite communications monitoring at borders, and intelligence database storage programs. Additionally, information about the social unrest of 2019 was revealed.
  • August: Hacking of the Colombian Armed Forces, with the theft of 275 GB of data, together with 5 TB of emails from the Attorney General’s Office. These documents exposed cases of corruption and confidential files on the analysis of international relations within Latin America.
  • September: Hacking of Mexico’s Ministry of National Defense (SEDENA). Six terabytes of military information from the past decade were obtained, including operational and intelligence activities carried out by the military. The leaks also revealed President Andrés López Obrador’s health issues and military surveillance of civilians, such as singer Mon Laferte.
  • September: Hacking of the Peruvian Armed Forces, with 70 GB of data exposed. National security plans, border plans with Chile, and surveillance of individuals and political parties carried out by the Peruvian army were disclosed. Furthermore, military war plans in the event of a conflict with neighboring Chile were accessed.

Cyberattack on military institutions

As seen, the scale of the cyberattack exposed the most delicate operations in the region, putting entire countries in a vulnerable position. Despite the high-level security measures required to manage such sensitive information, the success of the cyberattack is undeniable.

Cybersecurity Vulnerabilities

As is evident, a hack of this magnitude has exposed vulnerabilities in the cybersecurity management of some governments in the region. Two of the main issues are worth highlighting.

It is essential to safeguard the security of our networks.

1. ProxyShell Vulnerability

ProxyShell is a remote code execution (RCE) vulnerability with a CVSSv3 score of 9.1 (CVE-2021-34473). It chains three vulnerabilities that attackers can exploit to execute arbitrary commands remotely on a Microsoft Exchange email server, without the credentials that would normally be required to authorize their access.

According to investigations from the involved governments, this cybersecurity flaw was likely exploited by the Guacamaya group in Chile, Colombia, and very possibly also in Peru.
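For defenders, the practical question a paragraph like the one above raises is how an Exchange operator would have spotted this chain in their own logs. The following Python script is an added example, not code from the original article; it applies the widely published ProxyShell indicator (a request to the Autodiscover endpoint whose query string smuggles a second, privileged backend path after an "@" sign) to a handful of constructed IIS-style access log lines. The simplified W3C layout (date, time, method, uri-stem, uri-query, client IP, status) and all addresses and hostnames are assumptions made for the example.

```python
"""
Flag ProxyShell-style requests in Exchange IIS access logs.

Added example for this article; it is not from the original post. It uses the
widely published indicator for the chain: a request to the Autodiscover
endpoint whose query string carries an "@" followed by a second, privileged
backend path (for example /powershell or /mapi/nspi). The log lines below are
constructed for the example and use a simplified W3C-style layout (assumption:
date time method uri-stem uri-query client-ip status).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed sample log; 198.51.100.7 is the only client that shows the pattern.
SAMPLE_LOG = """\
2022-05-10 08:01:12 GET /owa/auth/logon.aspx url=%2fowa%2f&reason=0 203.0.113.5 200
2022-05-10 08:01:40 POST /autodiscover/autodiscover.json @example.test/mapi/nspi 198.51.100.7 200
2022-05-10 08:01:41 POST /autodiscover/autodiscover.json %40example.test/powershell 198.51.100.7 200
2022-05-10 08:02:03 GET /Autodiscover/Autodiscover.json - 192.0.2.44 401
2022-05-10 08:02:09 GET /ecp/default.aspx - 192.0.2.44 200
"""

AUTODISCOVER = re.compile(r"^/autodiscover/autodiscover\.json$", re.IGNORECASE)
# "@host/<backend>" inside the query string; the backend path is captured for triage.
SMUGGLED_BACKEND = re.compile(r"@[^/\s?&]+(/(?:powershell|mapi/nspi|ews|ecp)\b)", re.IGNORECASE)


@dataclass
class Hit:
    timestamp: str
    client_ip: str
    backend_path: str
    status: str


def parse_line(line: str) -> Optional[dict]:
    """Split one simplified W3C line; URL-decode the query so %40 is seen as '@'."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, method, stem, query, client_ip, status = parts
    return {
        "timestamp": f"{date} {time}",
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else unquote(query),
        "client_ip": client_ip,
        "status": status,
    }


def find_proxyshell_hits(log_text: str) -> List[Hit]:
    """Return every Autodiscover request whose query smuggles a privileged backend path."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not AUTODISCOVER.match(rec["stem"]):
            continue
        match = SMUGGLED_BACKEND.search(rec["query"])
        if match:
            hits.append(Hit(rec["timestamp"], rec["client_ip"], match.group(1).lower(), rec["status"]))
    return hits


def hits_by_client(hits: List[Hit]) -> Dict[str, List[str]]:
    """Group backend paths per source IP: one client reaching several backends
    through Autodiscover in a short window is the shape of the chain."""
    grouped: Dict[str, List[str]] = {}
    for hit in hits:
        grouped.setdefault(hit.client_ip, []).append(hit.backend_path)
    return grouped


if __name__ == "__main__":
    for ip, paths in hits_by_client(find_proxyshell_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {paths}")
```

The URL-decoding step matters in practice: a detection that matches only the literal `@` character misses the percent-encoded form, which is why `parse_line` normalises the query before the regex runs. A 200 status on such a request, rather than a 401, is what turns the hit from a probe into a probable compromise worth an incident.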

2. Zimbra Vulnerability

In the case of Mexico's SEDENA, the vulnerability was identified in Zimbra email servers: CVE-2022-27925 and CVE-2022-37042. The two vulnerabilities were reported in April and August, respectively.

These vulnerabilities in Zimbra allow attackers to upload arbitrary files without the privileges such actions normally require. If the uploaded file is a webshell, the attacker can then escalate privileges and take full control of the server.
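The defensive counterpart to an arbitrary-file-write bug is a hunt for files that should not be in the web application's deploy tree. The Python script below is an added example, not code from the original article or from Zimbra: it walks a web root, picks out server-side script files (JSP, which is what Zimbra's Jetty serves) and reports those that contain command-execution calls. The directory layout it builds, the file names and the file contents are constructed for the example; a real deployment's paths and a known-good allowlist would come from the operator's own baseline (assumption).

```python
"""
Hunt for webshell-like script files under a web application's deploy tree.

Added example for this article, not from the original post or from Zimbra.
The Zimbra CVEs named in the article allowed arbitrary file writes; the
defensive follow-up is to look for unexpected server-side script files that
contain command-execution primitives. The sample tree is constructed here;
real deployments have their own paths and baselines (assumption).
"""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional

SCRIPT_EXTENSIONS = {".jsp", ".jspx"}

# Indicators, by name; only the execution primitives count as a finding on their own.
SUSPICIOUS = {
    "runtime_exec": re.compile(r"Runtime\.getRuntime\(\)\.exec"),
    "process_builder": re.compile(r"\bProcessBuilder\b"),
    "request_param": re.compile(r"request\.getParameter\("),
}
EXEC_INDICATORS = {"runtime_exec", "process_builder"}


def classify_file(path: Path) -> Optional[Dict]:
    """Return a finding for a JSP-like file that contains an execution primitive, else None."""
    if path.suffix.lower() not in SCRIPT_EXTENSIONS:
        return None
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return None
    matched = [name for name, rx in SUSPICIOUS.items() if rx.search(text)]
    # Parameter access alone is normal in JSP; require an exec primitive to cut noise.
    if not EXEC_INDICATORS & set(matched):
        return None
    return {"path": str(path), "indicators": matched, "size": path.stat().st_size}


def scan_webroot(root: str, allowlist: Iterable[str] = ()) -> List[Dict]:
    """Walk the deploy tree and collect findings, skipping baseline-approved relative paths."""
    allowed = set(allowlist)
    findings: List[Dict] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.relative_to(root).as_posix() in allowed:
                continue
            finding = classify_file(full)
            if finding:
                findings.append(finding)
    return sorted(findings, key=lambda f: f["path"])


def build_sample_webroot() -> str:
    """Constructed sample tree: a benign JSP, a webshell-like JSP (indicator
    strings only, deliberately not valid JSP) and a text file that mentions
    the same API name in documentation."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = {
        "zimbra/public/index.jsp": '<%@ page contentType="text/html" %><html>Hello</html>',
        "zimbra/public/jsp/a1b2c3.jsp": "<% /* constructed indicator, not runnable */ "
                                       'request.getParameter(...); Runtime.getRuntime().exec(...); %>',
        "zimbra/public/help.txt": "Runtime.getRuntime().exec is mentioned here in documentation only",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    for finding in scan_webroot(sample):
        print(finding["path"], finding["indicators"], f"{finding['size']} bytes")
```

Two design choices carry the signal-to-noise trade-off. Restricting the match to script extensions keeps documentation and data files that merely mention an API out of the results, and requiring an execution primitive rather than any `request.getParameter(` call avoids flagging every ordinary form handler. The allowlist is where a baseline of known-good script paths goes, so that a scheduled run reports only what has appeared since the last patch cycle.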

It is worth noting that the Guacamaya hacktivists released a more than two-hour-long video detailing how they breached the attacked systems. Since their goal is to expose these government practices, they did not hesitate to spread their findings through an online portal.

The revelations from Guacamaya Leaks have cast doubt on the management of Latin American armed forces and the corruption-driven financial dealings taking place. Similarly, questions have been raised about the limits of security measures and the surveillance of innocent civilians.

From a cybersecurity perspective, the management of security systems at the state level is heavily criticized, especially regarding the severe consequences of their weaknesses, as evidenced by the Guacamaya attack.

Consider security a central part of your company.

While this case has put many governments on the defensive due to their lack of transparency, it serves as a reminder of the importance of securing and continuously monitoring our networks’ security measures.

In this regard, it is critical to recognize that constant maintenance and the immediate resolution of any potentially dangerous security gap are essential mechanisms in cybersecurity and key to managing our computer systems. This not only helps protect against illicit activities like those revealed by Guacamaya Leaks but also safeguards sensitive customer data in business contexts, keeping it out of the hands of cybercriminals. If you're interested in learning more about cybersecurity mechanisms to keep your business safe, contact us at [email protected]. We’ll provide the best solutions to help your business prevent cyberattacks.
