Attacks by Chinese state-sponsored hacker groups in Latin America have not only increased in recent years but have also become more sophisticated. According to cybersecurity reports and experts, the People’s Republic of China (PRC) is considered the main state sponsor of cyberattacks in the region, using cyber operations to promote its economic and diplomatic interests and often targeting critical infrastructure and government networks.
“China facilitates cyberattacks in Latin America to achieve its political, economic, and intelligence gathering objectives,” Belisario Contreras, senior director of Global Security and Technology Strategy at Venable LLP and coordinator of the Digi Americas Alliance, a network of organizations dedicated to cybersecurity in the Americas, told Diálogo.
Weakening the region through cyberattacks allows China to achieve two objectives. “First, it causes the affected countries and their allies to waste resources recovering from the damage. Second, by weakening economies through devastating cyberattacks, Chinese companies can easily enter the affected markets,” Contreras said.
The Costa Rica and Paraguay attacks
In December 2024, the U.S. Embassy in San José and the Presidency of Costa Rica announced in a joint statement that a comprehensive cybersecurity review to strengthen the resilience of critical infrastructure in the Central American country had revealed that cybercriminal groups based in China had infiltrated the country’s telecommunications and technology systems.
Shortly before that, the Costa Rican Oil Refinery (RECOPE) fell victim to an attack by a different ransomware gang. In addition to importing, refining, and distributing fossil fuels in the country, RECOPE operates oil pipelines that stretch from the Caribbean to the Pacific coasts, serving as a hub for the entire region.
In 2022, Russian group Conti carried out a series of ransomware attacks against Costa Rican government institutions, forcing then-President Rodrigo Chaves to declare a state of national emergency. The country has long been in the crosshairs of hackers of various nationalities, often backed by governments.
“It is unlikely that individual Chinese groups collaborate with hackers from Russia, North Korea, and Iran. According to a recent report published by Russian researchers, in fact, most state hacker cyberattacks against Russia come from North Korea and China. Obviously, this does not rule out the possibility of collaboration, but it is likely that any Chinese state-sponsored attack is not a collaborative effort,” Contreras said.
In November 2024, Flax Typhoon, a cyber-group linked to the Chinese state, was found to have infiltrated Paraguayan government networks, a joint statement from the Paraguayan Ministry of Information and Communication Technologies and the U.S. Embassy in Asunción indicated. Flax Typhoon conducted an advanced persistent threat (APT) campaign, that is, a targeted and sustained cyberattack. The Chinese group used malware to infiltrate systems, extract sensitive information, and maintain a hidden presence for long periods of time.
“Some hacker groups are known to be sponsored by the Chinese state, such as Volt Typhoon and Salt Typhoon. Salt Typhoon is run by the Chinese Ministry of State Security and specializes in computer espionage, while Volt Typhoon is known for attacking critical infrastructure in the United States,” Contreras said.
For Miguel Ángel Gaspar, a Paraguayan cybersecurity expert, the cyber spies linked to the PRC infiltrated the national computer system because Paraguay is an ally of Taiwan. “This particular Chinese group is characterized by the fact that it has spent its entire life attacking to infiltrate Taiwanese networks. Their objective was always Taiwan, and they infiltrate to breach the networks, especially those of Taiwan’s agriculture, livestock, and production sectors.”
According to the expert, the attack in Paraguay was a sort of retaliation. “If I only do business with one country, it’s clear that they are going to try to harm me. That is how the world works today because there is not just one reality. There is a physical reality and a digital reality,” Gaspar told Paraguayan television channel NPY.
The risk of Chinese technology companies
A few weeks before the hacker attack in Paraguay, officials from the Taiwan Embassy in Asunción reported the presence of a car in front of the residence of Ambassador Han Chih-Cheng, from which two people pointed a possibly electronic device toward the diplomatic building, Argentine news site Infobae reported. According to the Paraguayan authorities, the car belonged to Chinese telecommunications company Huawei, a firm that has been excluded from mobile networks in several countries such as Germany, Australia, Great Britain, Denmark, and the United States, among many others, due to risks of espionage through its technology and networks.
“Recent reports from cybersecurity companies have documented cases of Chinese hackers targeting industrial sectors related to Chinese infrastructure projects linked to the Belt and Road Initiative (BRI). So not only are these Chinese companies not developing with cybersecurity as a priority, but there are also cases of Chinese APTs taking advantage of the boom in Chinese infrastructure in the region to facilitate attacks,” Contreras said.
Although the BRI allows China to make attractive short-term offers for infrastructure development in the region, the associated risk of cyberattacks can have devastating effects in the long term.
However, despite the privacy and cybersecurity concerns that surround companies such as Huawei and ZTE, these companies continue to grow in the region. Huawei, in particular, has invested in the deployment of 4G and 5G networks throughout Latin America, where TP-Link wireless routers are also popular. In August 2024, TP-Link announced the opening of a factory in Joinville, in the south of Brazil.
Through Chinese technology companies, Beijing’s influence in Latin America is growing in areas such as cloud computing, digital transformation, and e-commerce, increasing cybersecurity risks. According to a recent Google Cloud report, Brazil has been the target of state-backed cyberespionage groups since 2020. Google determined that over time, more than 40 percent of government-backed phishing activities, that is, online scams in the Latin American country, were backed by the PRC. In 2022, the ChamelGang group, which experts say has Beijing’s support, attacked 192 computers of the Brazilian Presidency.
The role of Latin American regimes in the expansion of Chinese cybercrime
Authoritarian regimes such as those of Nicaragua, Venezuela, and Cuba, having failed to develop their own technology, prefer Russian and Chinese technology.
Nicaragua recently announced that it had commissioned Huawei to carry out the country’s digital transformation plan, a comprehensive project that includes the reinforcement of infrastructure and all telecommunications services. In Venezuela, Beijing has provided surveillance and cybersecurity technologies that experts say the Nicolás Maduro regime uses to control dissidents and opponents. Among them, the infamous Fatherland Card (Carnet de la Patria), with which various subsidies are distributed to the population, was developed by Chinese company ZTE, whose products have been banned in some countries such as Sweden, Germany, and the United States. Finally, in Cuba, satellite images revealed the expansion of Chinese electronic listening stations, according to a recent report by think tank Center for Strategic and International Studies (CSIS).
“Due to their political similarities or acceptance of Chinese and Russian political and technological standards, it is easy for these Latin American countries to allow Chinese-run companies to operate and choose them over other alternatives,” Contreras said.
China’s use of these countries as a sort of Trojan horse from which to attack Latin America makes Beijing’s cyber threat an increasingly serious security problem for the entire region.