From bc8904110b2507bcde86e76846c86c89b4921392 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon <mathieu@feedly.com>
Date: Tue, 7 Nov 2023 14:47:11 +0100
Subject: [PATCH] [threat-actors] Add Guacamaya

---
 clusters/threat-actor.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index d0ebb86..b5c6426 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12524,6 +12524,22 @@
       },
       "uuid": "7133a722-088c-4d5a-b2e0-a1f9915f807d",
       "value": "SharpPanda"
+    },
+    {
+      "description": "Guacamaya has conducted multiple hack and leak campaigns against military and police agencies and mining companies across Latin America, which they believe have played a role in the region’s environmental degradation and repression of native populations.",
+      "meta": {
+        "refs": [
+          "https://cyberscoop.com/environmentalist-hacktivist-collective-mining-company/",
+          "https://srslyriskybiz.substack.com/p/recent-cyber-chaos-is-a-structural",
+          "https://finance.yahoo.com/news/analysis-mexico-data-hack-exposes-003101651.html",
+          "https://www.redpacketsecurity.com/guacamaya-hacktivists-stole-sensitive-data-from-mexico-and-latin-american-countries/",
+          "https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/",
+          "https://www.cyberscoop.com/central-american-hacking-group-releases-emails/",
+          "https://therecord.media/mexican-army-spyware"
+        ]
+      },
+      "uuid": "51f056f5-b596-446e-9394-a310af4e2e75",
+      "value": "Guacamaya"
     }
   ],
   "version": 292