Their main objective is exfiltrating information about companies or organisms performing unjust actions against the indigenous people or territory.

Guacamaya have been acting in defense of the indigenous people of Abya Yala territory. This is the name used by the Native American Guna people who inhabit the geographic region between what is now northwest Colombia and southeast Panama, to refer to the American continent since pre-Columbian times.

Guacamaya was first spotted on March 6, 2022, after sending a statement to the sharing platform “Enlace Hacktivista” with their presentation and the announcement of their first action against the company CGN-Pronico, which operates the Fenix mine in Guatemala with a history of human right abuses and environmental damage.

The group gain access to the networks with open-source tools, then establish persistence and exfiltrate sensible information. They try to exploit public-facing applications and compromise employees’ credentials with password spraying, phishing, or checking against known breaches, whose emails are often obtained through LinkedIn. Once compromised, the Guacamaya proceeds to download information, such as emails and files.

Guacamaya also has a destructive goal since they carry out sabotage actions. Exfiltrated information is publicly shared through Distributed Denial of Secrets, a non-profit whistleblower run by a collective of journalists devoted to enabling the free transmission of data in the public interest, or directly through links in the Enlace Hacktivista platform.

Their targets include Colombia’s Attorney General office, Armies of Mexico, Peru and El Salvador, and more recently the drug cartels in Yucatan.

*Guacamaya’s Activity Map from the Threat Context module

The post Meet Guacamaya – a hacktivist’s supporting the indigenous people of Central America and tackling the drug cartels appeared first on IT Security Guru.

The tumultuous state of global politics that defined 2017 continues to shape the motivations and schemes of a wide range of adversaries. In October, CNBC reported two Czech election websites were hacked and that, after Catalonia’s independence referendum was ruled illegal, the website for Spain’s Constitutional Court was taken down by a DDoS attack. These are just two of many examples that align with a trend Flashpoint analysts have observed in recent months: the proliferation of hacktivist activity targeting European government and political entities.

In September 2017, Flashpoint analysts observed multiple hacktivist-fuelled DDoS attacks targeting several websites belonging to ministries and individual public officials in multiple European countries. Although these campaigns have been dispersed across central Europe, some actors have tended to concentrate their activity on certain countries. For example, Flashpoint analysts observed that one Turkish nationalist group appears to be focused on targeting the websites of Belgian and Austrian political entities. This group has also indicated its intent to retaliate against any perceived anti-Turkish or anti-Muslim sentiment emanating from European political entities. In one instance, the group posted screenshots of successful DDoS attacks against Danish government institutions, which they claim to have carried out due to perceived insults by Danish politicians against Islam.

More recently in January 2018, Fancy Bears’ Hack Team—a hacktivist group that is allegedly connected to Russian state sponsored activity—released updates to its #OpOlympics campaign. Targeting both the International Olympic Committee and the Norwegian Olympic Committee, the group released hacked E-mail messages that appear to imply a conspiracy to cover up doping. This activity follows previous releases in 2017 of confidential documents from the Swedish Olympic Committee. The releases appear to be an effort to embarrass Olympic organisers and member states in retaliation for the banning of Russian athletes.

While hacktivist groups are often considered less skilled than their cybercriminal and state-sponsored counterparts, the risks they present and resulting damages they can inflict are by no means novel. Typically motivated by fundamental differences of political opinion, hacktivists have been known to disrupt, deface, or otherwise take down targeted websites, web-based services, networks, and infrastructure. Unfortunately, these types of damages became a reality for many following the recent hacktivist-fuelled DDoS attacks that correlated with major 2017 elections in the United Kingdom, Germany, Russia, Czech Republic, and France. It appears that the polarizing effect of these elections continues to contribute to the heightened risks faced by various European political entities.

Flashpoint assesses with a moderate degree of confidence that hacktivist-fuelled DDoS attacks against European political entities will continue in the coming months. While addressing hacktivist activity can be complex and challenging, organisations—not just in Europe, but worldwide—that integrate Business Risk Intelligence (BRI) into their security and risk strategies can and do mitigate these types of risks more effectively. By providing proactive visibility into rising geopolitical tensions, emerging hacktivist threats, and upcoming schemes, BRI enables organisations across all sectors to gain a decision advantage over a broad spectrum of hacktivists and other adversaries.

The post Europe’s Hacktivists Set Sights on Political Entities appeared first on IT Security Guru.

The post British MPs Pledge Support for Lauri Love appeared first on IT Security Guru.

The post Anonymous Hackers Shut Down Bank of England appeared first on IT Security Guru.

The post #OpKKK – Anonymous begins revealing members' details appeared first on IT Security Guru.

The post Anonymous Crashes the Mounties' Website appeared first on IT Security Guru.

The post Team System DZ Attacks Wilmington School appeared first on IT Security Guru.