Three weeks after Paraguay and the United States announced they had uncovered and foiled a China state espionage threat against Paraguayan government networks, Costa Rica found itself facing similar circumstances.
In a joint December 17 statement, the Presidency of the Republic of Costa Rica and the U.S. Embassy in San José indicated that a comprehensive cybersecurity review of Costa Rica’s critical infrastructure, aimed at strengthening resilience, revealed that China-based malicious actors had infiltrated the Central American country’s networks.
“The review revealed intrusions in Costa Rica’s telecommunications and technology systems by cybercriminal groups located in China,” the joint statement said. “The United States reaffirms its commitment to supporting Costa Rica in combating these threats and protecting its sovereignty.”
The announcement, made shortly after Chinese espionage group Flax Typhoon, backed by the People’s Republic of China government, was found infiltrating Paraguayan government systems, highlights the constant and increasing threats of state-sponsored cyberattacks and how critical it is for partner nations to strengthen their cybersecurity and cyber defense.
“Although the Chinese government denies any nexus with these [cybercriminal] groups, it uses them clandestinely to gather strategic information, later allowing it to disassociate itself,” Víctor Ruiz, founder of SILIKN cybersecurity center in Mexico, told Diálogo.
Criminal complaint
On December 11, Costa Rican President Rodrigo Chaves announced during a press conference that his government had filed a criminal complaint against Chinese telecommunications company Huawei and its representatives in the country. The complaint, for fraud, bribery, and influence peddling, includes two current and three former officials with the Costa Rican Electricity Institute (ICE), local news site The Tico Times reported.
“This is possibly one of the most blatant and biggest corruption scandals in the history [of this country],” President Chaves said.
The complaint comes amid Costa Rica’s late 2023 decision to ban firms from countries that have not endorsed the Budapest Convention on cybercrime from bidding on 5G network contracts in the country, citing cybersecurity concerns. China is not a signatory to the international treaty.
Huawei and other Chinese telecommunications companies, such as ZTE, have long faced allegations that they engage in espionage, exploit network vulnerabilities to insert malware and viruses, and otherwise compromise critical communications networks. In July 2024, Germany announced it will phase out Huawei and ZTE components from its 5G network to safeguard national security.
High stakes
In late November, two Costa Rican government agencies and a private company were hit by cyberattacks from malicious foreign actors. Those affected were the Costa Rican Oil Refinery (RECOPE), the Immigration Directorate, and television company Repretel. According to a Ministry of Science, Innovation, Technology, and Telecommunications (MICITT) statement, the incident that involved the Immigration Directorate consisted of espionage, while RECOPE was the victim of ransomware. The Repretel incident was also a ransomware attack, Costa Rican news site Telesemana reported.
“The hackers behind the attack on RECOPE demanded $5 million to unblock the compromised systems, although the government ruled out any possibility of payment. These incidents are related to other recent attacks in Mexico, executed under the Ransomware-as-a-Service (RaaS) scheme, a criminal structure that operates as a business model,” said Gezer Molina, MICITT director of Cybersecurity.
RansomHub ransomware group claimed responsibility for the attack on RECOPE, Ruiz told Diálogo. “This group is made up of hackers from Russia, China, and North Korea,” Ruiz said. “On November 25, RansomHub also attacked Mexico’s Federal Judicial Council. Its modus operandi is to extort government entities and global companies for financial gain.”
On November 29, RECOPE President Karla Montero said in a statement that U.S. cybersecurity experts had arrived to help gradually restore the systems. A few days prior, on November 27, only a day after the Paraguayan government and the U.S. Embassy in Paraguay released their joint statement identifying the China state-backed cyber espionage threat, the U.S. Embassy in Costa Rica reiterated via social media the United States’ support to the Central American country.
“We are working hand in hand with the @micittcr, specifically with the Computer Security Incident Response Center of the Cybersecurity Directorate in its work to address the attacks in recent days,” the U.S. Embassy in Costa Rica said via X.
The United States has been steadfast in its support to partner nations in Latin America and the Caribbean to combat cyberthreats. In May 2023, the U.S. Embassy in Costa Rica announced a $25 million donation to the Central American country to help strengthen its cybersecurity and digital infrastructure against threats from malicious actors.
In 2022, Costa Rica was hit by a major wave of cyberattacks by Russia state-backed ransomware group Conti that greatly affected the public administration, seemingly paralyzing it for several weeks, leading the government to declare a state of emergency. The Costa Rican government has since deployed a cybersecurity policy to strengthen defenses and promote international cooperation.


