Leaks by a shadowy group of hackers targeting secret files belonging to the armed forces of several Latin American nations have fueled controversy in Mexico over the military’s growing power.

A treasure trove of sensitive information has been stolen from Mexico’s Defense Ministry by the collective known as Guacamaya, which also claims cyberattacks in Chile, Colombia and Peru.

“Their goals are more political than economic,” said Diego Macor, a cybersecurity expert at US tech giant IBM in Chile, who describes the network’s members as “hacker activists.”

The leaks revealed that after President Andres Manuel Lopez Obrador took office in 2018, the Mexican army continued to use Pegasus spyware developed by Israeli company NSO Group, according to an investigation by the Network in Defense of Digital Rights and its partners.

The targets included journalists and a human rights activist, according to the investigation, which was supported by the University of Toronto’s Citizen Lab.

The army insisted it only used spyware to fight organized crime.

The hack also led to the Mexican military facing allegations that some of its members have ties to drug cartels and that it has implemented a controversial security reform that gives it control of the National Guard, which was previously under civilian command.

Two soldiers sold grenades, other weapons and tactical equipment to members of the drug cartel, according to analysis of files by civil society group Mexicans Against Corruption and Impunity.

The Mexican and Peruvian military also reportedly monitored civil society organizations such as Amnesty International, which condemned their actions as “unacceptable”.

“The improper surveillance of civil society organizations identified in the collective Guacamaya leaks is an example of the hostile context in which we operate as organizations defending human rights in America,” said Amnesty Regional Director Erika Guevara-Rosas.

“Instead of monitoring the activities of civil society organizations, the military and other authorities in the region should ensure an enabling environment for the defense of rights and recognize the important role of human rights defenders,” she added.

Mexican lawmakers on Wednesday asked Defense Minister Luis Cresencio Sandoval to explain, but he refused, prompting her to visit him at his office instead.

The leaks revealed previously undisclosed information – later confirmed by Lopez Obrador – that the 68-year-old president was taken by ambulance from his ranch in southern Mexico to a hospital in the capital in January with heart problems. Lopez Obrador suffered a heart attack in 2013.

Before coming to power in 2018, Lopez Obrador had vowed to send the military back to barracks.

But under his presidency, the armed forces have maintained their role in combating cartel-related violence and assumed even greater responsibilities, including controlling ports and customs and major infrastructure projects.

This week, lawmakers approved an extension of the Mexican armed forces’ role in public safety until 2028.

In Colombia, Guacamaya claimed to have received more than 300,000 private emails from the armed forces and prosecutors, though the hack has not yet sparked the same level of controversy there as in Mexico.

The Colombian army said it was “aware of the possible taking of information from the general command”.

Guacamaya also released tens of thousands of emails from the National Hydrocarbons Agency and a private company, New Granada Energy Corp.

The records uncovered 62 oil and chemical spills between 2015 and 2020.

Most of these “environmental incidents” have not been reported to authorities, according to internal communications from New Granada Energy, which could not be reached for comment.

In Chile, hackers exploited vulnerabilities in the Joint Armed Forces Command’s computer systems.

The vulnerability of the Chilean army’s servers has been known since August 2021, said Nicolas Boettcher, an expert at the Diego Portales University in Santiago.

Despite this, “no tenders for checking and repairing the servers were made,” he said.