The Jungle Eye: Guacamaya

← Home·Gallery·Techniques

Threat Intelligence Tarot

wands · 10

Latin America (environmental/political hacktivist)

★★★★★

risk 3/5

✦ The Jungle Eye ✦

Guacamaya

Mexican military (SEDENA)Colombian militaryChilean militaryGuatemalan policeMining corporations

Active since ~2022 · Latin American military exposure, Environmental activism, Anti-extractivism

From Latin American networks, The Jungle Eye watches governments that watch their own people. It breached Mexico's military and released six terabytes of secrets, including the president's medical records. It publishes what power wants hidden, and it does it in the name of the forest.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1190

Exploit Public-Facing Application

Initial Access

T1530

Data from Cloud Storage

Collection

T1213

Data from Information Repositories

Collection

T1048

Exfiltration Over Alternative Protocol

Exfiltration

Notable Operations

◆Mexican military leak - 6TB of SEDENA emails (2022)
◆AMLO health records included in leak (cardiac condition)
◆Colombian, Chilean, Peruvian military email archives published
◆Mining company environmental violations documentation release

Defenses

▸
Urgent patching of Microsoft Exchange ProxyShell/ProxyLogon
CIS Control 7 ↗
▸
Email archive access controls and data classification
CIS Control 3 ↗
▸
Government network segmentation and access logging
CIS Control 12 ↗
▸
Data minimization - reduce what sensitive data is email-accessible
NIST CSF: PR.DS ↗

Reversed: Their Weakness

Guacamaya's exploitation of ProxyShell and ProxyLogon - vulnerabilities patched years before their attacks - revealed that Latin American military and government organizations had critically neglected basic patch management hygiene.

Share this adversary profile

← → arrow keys to browse

swipe to browse

← PreviousThe Red Star Next →The Affiliate

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.