Mexican President Andres Manuel Lopez Obrador attends an independence day military parade
Mexican President Andres Manuel Lopez Obrador attends an independence day military parade AFP

Leaks from a shadowy group of hackers targeting secret files held by the armed forces of several Latin American nations have fueled controversy in Mexico about the military's growing power.

A trove of sensitive information was stolen from the Mexican defense ministry by the collective called Guacamaya, which has also claimed cyberattacks in Chile, Colombia and Peru.

"Their objectives are more political than economic," said Diego Macor, a cyber-security expert at US technology giant IBM in Chile, who describes members of the network as "hacker-activists."

The leaks revealed that the Mexican army continued to use Pegasus spyware developed by Israeli firm NSO Group after President Andres Manuel Lopez Obrador took office in 2018, according to an investigation by the Network in Defense of Digital Rights and its partners.

The targets included journalists and a human rights activist, according to the probe, which was assisted by the University of Toronto's Citizen Lab.

The army insisted that it had only used spyware to fight organized crime.

The hack also left Mexico's military facing allegations that some of its members have links to drug cartels, and that it engineered a contentious security reform giving it control of the National Guard, which was previously under civilian command.

Two soldiers sold grenades, other weapons and tactical equipment to drug cartel members, according to analysis of the files by the civil society group Mexicans Against Corruption and Impunity.

The Mexican and Peruvian militaries also allegedly monitored civil society organizations such as Amnesty International, which condemned their actions as "unacceptable."

"The undue monitoring of civil society organizations identified in the Guacamaya collective leaks is an example of the hostile context in which we work as organizations defending human rights in the Americas," said Amnesty regional director Erika Guevara-Rosas.

"Instead of monitoring the activities of civil society organizations, the military and other authorities in the region should be ensuring a favorable environment for the defense of rights and acknowledging the important role played by human rights defenders," she added.

Mexican legislators on Wednesday summoned Defense Minister Luis Cresencio Sandoval to explain himself, but he refused, telling them to visit him in his office instead.

The leaks revealed previously undisclosed information -- subsequently confirmed by Lopez Obrador -- that the 68-year-old president was taken by air ambulance in January from his ranch in southern Mexico to a hospital in the capital with heart problems. Lopez Obrador had already suffered a heart attack in 2013.

Before coming to power in 2018, Lopez Obrador had vowed to send the military back to the barracks.

But under his presidency, the armed forces have kept their role in tackling cartel-related violence and even gained more responsibility, including control of ports and customs and major infrastructure projects.

This week lawmakers approved an extension of the Mexican armed forces' public security role until 2028.

In Colombia, Guacamaya claimed to have obtained more than 300,000 private emails from the military forces and the state prosecutor's office, although the hack has yet to generate the same level of controversy there as in Mexico.

The Colombian army said it was "aware of the possible extraction of information from the general command."

Guacamaya also released tens of thousands of emails from the National Hydrocarbons Agency and a private company, New Granada Energy Corp.

The records revealed 62 oil and chemical spills between 2015 and 2020.

Most of these "environmental incidents" were not reported to authorities, according to internal communications from New Granada Energy, which could not be reached for comment.

In Chile, hackers exploited flaws in the computer systems of the Joint Armed Forces Command.

The vulnerability of the Chilean army's servers had been known since August 2021, said Nicolas Boettcher, an expert at Diego Portales University in Santiago.

Even so, "there have been no calls for tenders for the review and repair of the servers," he said.