Online extortionist group did not hack Guyana’s secured mining sector data - Natural Resources official

On Tuesday, a senior official from Guyana’s Ministry of Natural Resources moved to debunk widespread claims made by cyber extortion syndicate FULCRUMSEC that the group had successfully hijacked sensitive internal data tied to the South American nation’s critical mining sector. The official clarified that all information the group claims to have stolen consists entirely of publicly available datasets, countering the hacker group’s narrative of a major national security compromise.

According to details shared by the ministry, Global Venture — the third-party contractor hired by the Guyanese government to develop and manage the country’s national mineral mapping project — first detected the extortion attempt on April 15, when the firm received a suspicious ransom demand by email. The hackers demanded a $500,000 payment in cryptocurrency to avoid publishing the claimed stolen data via a dark web link. Immediately after receiving the email, Global Venture alerted the IT division of the Guyana Geology and Mines Commission (GGMC) and deployed defensive cybersecurity measures to mitigate any potential risk.

Global Venture identified multiple red flags in the extortion attempt that raised immediate suspicion: the email referenced Analog Gold Inc., a mining firm that Global Venture has no operational connection to, and Prospector — the AI-powered mineral exploration platform built and maintained by Global Venture — has not had any business ties to Analog Gold for more than three years.

Prospector, the AI platform launched by Global Venture six years ago to support mineral mapping and exploration operations, began an immediate internal forensic audit after the extortion attempt was made public. Initial audit findings have confirmed that no unauthorized malicious modification or exfiltration of non-public sensitive data occurred. The investigation did confirm that FULCRUMSEC exploited a misconfigured access key to scrape and copy publicly accessible data stored in Global Venture’s Amazon S3 cloud storage buckets linked to the Prospector staging platform. Prospector has since patched the security vulnerability, implemented additional monitoring protocols, and rolled out extra security safeguards to prevent similar unauthorized access in the future.

In its dark web posting earlier this week, FULCRUMSEC amplified its claim of a major breach, asserting that the group had exfiltrated 2.2 terabytes of data across 52 cloud storage buckets. The group alleged the haul included full details of Prospector’s commercial infrastructure and a complete copy of Guyana’s sovereign national mining database. The extortion group further claimed the breach stemmed from critical infrastructure misconfigurations, alleging that sensitive Guyanese government data was incorrectly stored in the same Amazon Web Services account that Global Venture uses for staging logs and AI model training data. The group is currently circulating a 58-gigabyte “sample package” of claimed stolen data to pressure Global Venture into paying the ransom demand.

FULCRUMSEC also published a detailed list of supposed sensitive data it obtained, including personally identifiable information (PII) such as full names, tax IDs, national ID numbers, passport details, dates of birth, contact information and residential addresses of GGMC government officials; corporate director records; internal government decision-making histories; 12,987 mineral license records with precise geospatial coordinates; unreleased government land planning documents including 41 proposed extensions to Amerindian communal lands; more than 1,886 confidential NI 43-101 technical mining reports; and full backups of multiple corporate and government SQL databases.

Despite the hacker group’s dramatic claims, Guyanese government authorities have repeatedly emphasized that none of the data FULCRUMSEC holds qualifies as sensitive or proprietary. All mining tenure data the group claims to have stolen is already freely accessible to the public via the interactive mineral tenure map hosted on the official GGMC website, the official confirmed, and all data tied to Prospector consists of information already disclosed in public corporate filings and press releases. The official added that the extortion group has simply repackaged existing public information to manufacture the appearance of a high-stakes data breach for extortion purposes.