Latin America has experienced a notable increase in cyberattacks attributed to groups backed by the Chinese Communist Party (CCP), highlighting a growing and persistent threat to the region’s digital infrastructure. According to the 2025 Latin America Threat Landscape Report by cybersecurity technology company CrowdStrike, in 2024, CCP-linked operations increased by 150 percent compared to the previous year.
Among the groups identified are Vixen Panda, Aquatic Panda, and Liminal Panda, which have targeted government networks, telecommunications infrastructure, and defense systems. CrowdStrike notes that these groups use persistent infiltration tactics, lateral movement within networks, and data extraction, aligning their operations with the CCP’s strategic interests.
“Beijing provides direct resources to these groups. Many of their members have been trained within the Chinese Army, which has a formal cyber unit. Some of these elements are then integrated into groups that operate as advanced persistent threats (APTs),” Víctor Ruiz, founder of the SILIKN cybersecurity center in Mexico, told Diálogo.
According to Ruiz, in addition to Beijing’s support, these groups have a degree of financial autonomy. “They have defined tactics, sophisticated tools, and access to funds stolen from banks or cryptocurrencies, which allows them to carry out long-range operations.”
Countries such as Argentina, Brazil, Chile, Colombia, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Panama, Peru, and the Dominican Republic have been targeted by these campaigns. The attacks have exploited vulnerabilities in critical services that use 5G technology, cloud storage, and data centers provided by Chinese companies, the CrowdStrike report indicates.
China’s Data Security Law specifically requires its companies to share information with the regime for national security purposes. This legal obligation creates a direct pipeline for data access, a concern amplified when Chinese companies provide critical infrastructure. For instance, Beijing has actively offered 5G connectivity services to Latin American governments. This widespread deployment of Chinese 5G networks and associated cloud storage and data centers raises alarms, as it could provide official access to the region’s sensitive network traffic and data flows, facilitating espionage.
Structural risks
“Using Chinese technology infrastructure increases the exposure of Latin American countries. Companies such as Huawei are required by law to share information with the CCP, which allows them to cross-reference data between what they collect legally and what APT groups such as the Pandas obtain. Thus, espionage combines civilian and military capabilities,” Ruiz said.
“The risk is amplified when foreign suppliers manage critical infrastructure. If a company detects sensitive information, it can transfer it to the regime, which in turn hands it over to an APT group. This complicates international attribution, as attacks are attributed to unknown actors, not to the supplier or the government involved,” he added.
Hemispheric cooperation and joint capabilities
Recognizing the persistent threat of cyberespionage, international cooperation has become a cornerstone of Latin America’s defense strategy. U.S. Southern Command (SOUTHCOM), for example, actively collaborates with several Latin American governments to review the security of their digital infrastructures. These assessments have detected traces of cyber infiltration linked to Chinese state actors.
For instance, in December 2024, Costa Rica and the United States revealed that a joint review identified infiltrations from China within Costa Rican telecommunications systems. A month prior, a similar assessment in Paraguay detected the presence of the Flax Typhoon group, linked to the CCP, within government networks.
Following a significant cyberattack in 2022 by the Russian-linked Conti ransomware group, the United States provided an initial investment of $25 million to strengthen Costa Rica’s cybersecurity capabilities, leading to the creation of its National Security Operations Center. SOUTHCOM furthered this investment with a nearly $10 million security assistance initiative to bolster the Ministry of Public Security’s cyber defense capacity. In October 2024, Costa Rica also announced the creation of cyber intelligence and forensic laboratories, as well as a secure institutional exchange network, with support from the European Union (EU), CrowdStrike indicated.
Throughout 2024, the push for stronger alliances continued. Argentina and Uruguay signed memoranda of understanding with the United States to enhance cooperation in cyber defense and promote public-private technology partnerships, the CrowdStrike report added. Paraguay joined an expanded version of the EU-promoted cybercrime agreement, while Chile signed an agreement with the EU to improve regional cyber resilience.
“The United States has established strategic agreements with some countries in the region, but this cooperation needs to be expanded,” Ruiz said. “These agreements allow us to learn about our allies’ cyber capabilities and anticipate threats, as was the case in Costa Rica and Paraguay.”
Risks underestimated
According to the report LatAm Cyber Summit 2024, by Cybersecurity for Critical Assets (CS4CA), a global series of summits that bring together cybersecurity professionals, the region records more than 1,600 cyberattacks per second. In some countries, economic losses exceed one percent of Gross Domestic Product (GDP) and can reach six percent when critical infrastructure is affected.
“In Latin America, the risk posed by digital espionage linked to the CCP has not been fully assessed. The problem is not only a lack of awareness, but also a lack of priority. Many governments allow the deployment of Chinese technology in telecommunications without establishing adequate monitoring mechanisms or security measures,” Ruiz concluded.


