3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Guacamaya

Guacamaya

ID: b48eec02241aca786b42c74b647eaaf501509
Hacktivist Group Hacktivism
Threat types: Hacktivism, Anti‑Colonialist, Anti‑Extractivist
El Salvador CHL, COL, SLV, MEX, PER
Updated: 2026-04-10
Created: 2026-02-24
Progress: 84% Completeness: 82% Freshness: 90%
Operation zone: Chile, Colombia, El Salvador, Mexico, Peru
Aliases Limited alias preview
Alberto Guacamaya GUACAMAYOS SV
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Guacamaya is a Latin American hacktivist collective associated with hack-and-leak operations, notably large 2022 disclosures of emails and documents from military and public-security institutions. Public reporting and academic analysis emphasize bulk collection and controlled dissemination through leak intermediaries, with political and reputational impact as the primary outcome.


Technique Technique name Tactics Evidence
T1583.006 Web Services TA0042
  • 2023-01-19 — Leak materials were reported as distributed through leak portals; treated here as dissemination infrastructure. · ref
T1114 Email Collection TA0009
  • 2022-12-25 — Bulk email disclosures indicate collection of email data from targeted institutions. · ref
T1005 Data from Local System TA0009
  • 2022-12-25 — Large-scale acquisition of institutional documents/emails is consistent with collection from local/enterprise repositories. · ref
T1074.001 Local Data Staging TA0009
  • 2024-01-01 — INFERENCE (confidence: medium): staging via local archives is typical in hack-and-leak operations; validate per incident telemetry. · ref
T1041 Exfiltration Over C2 Channel TA0010
  • 2024-01-01 — INFERENCE (confidence: medium): the scale of disclosed datasets implies outbound exfiltration of large volumes; validate per incident telemetry. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-24T21:07:43+00:00

Guacamaya

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Guacamaya


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Guacamaya


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-24T21:08:33+00:00

IOC Appendix — Guacamaya (Operational Seed Set)


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-24T21:08:45+00:00

OSINT Library — Guacamaya


2022-12-25 — Electronic Frontier Foundation (EFF) — “Hacking Governments and Government Hacking in Latin America: 2022 Year in Review”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/3
Address Verification SOCMINT
t.me/gua*********** Restricted Not integrated
t.me/Gua**************** Restricted Not integrated
t.me/gua************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.