Cooperation with the United States has once again proved strategic in countering the growing threat of Chinese state-sponsored cyberattacks in Latin America. Such was the case recently for Guatemala’s Foreign Ministry (MINEX).
“Thanks to close collaboration between both countries, these threats were detected, and the necessary measures were taken to stop them and prevent them in the future,” MINEX told the Associated Press on April 30. According to MINEX, Chinese hackers infiltrated its computer systems from September 2022 to February 2025. A comprehensive cybersecurity review of Guatemalan security networks by U.S. Southern Command (SOUTHCOM) led to the detection of the China-based cyber espionage groups.
Guatemala’s President Bernardo Arévalo made the revelation during a regional cybersecurity exercise dubbed Southern Defender (Defensa del Sur) 2025, April 26 – May 9. The cybersecurity exercise involved diplomatic and military authorities from Guatemala, Taiwan, and the United States.
“We are not talking about theoretical speculations or problems that require preparation for the future; we are talking about concrete challenges, active threats,” Arévalo said, according to local news site Soy502. An exercise such as Southern Defender, he added, “allowed us to identify hostile attempts by hacker groups located in the People’s Republic of China to penetrate the national cyber system.”
The threat, SOUTHCOM said via X, was identified as APT-15, also known as Vixen Panda, Nickel, Nylon Typhoon, Ke3Chang, and Playful Dragon, among others. “This group, associated with China, has been linked to intrusions of government organizations across the globe, with a focus on Central and South America,” SOUTHCOM said.
APT-15 is an advanced cyber espionage group linked to the Chinese Communist Party (CCP), specifically the Ministry of State Security (MSS). It uses sophisticated forms of cyberattacks that are persistent, covert, and highly technical. Its objective is to infiltrate a network for extended periods to cause damage or steal sensitive data. These attacks target entities of vital strategic importance, such as governments, diplomatic headquarters, and large technology companies.
“The period of time that these hackers have gone undetected highlights both the sophistication of their methods and the need for continuous vigilance and international collaboration to prevent such incidents in the future,” cybersecurity expert Belisario Contreras, former head of the Cybersecurity Program at the Organization of American States (OAS), told Diálogo.
APT-15 has recently been linked to attacks against organizations involved in the Belt and Road Initiative (BRI), the infrastructure project promoted by the CCP, which suggests that the group is actively engaging in espionage for political, military, and economic purposes. APT-15 has been linked to recent attack campaigns in several Latin American countries, including Brazil, Chile, and Belize.
“The discovery of APT-15 underscores the evolving nature of cyber threats and the importance of international cooperation in addressing them. The governments of Guatemala and the United States are united in their resolve to confront these challenges head-on, ensuring the security and resilience of our digital infrastructure,” SOUTHCOM said via X.
In addition to stealing sensitive information and gaining intelligence, these attacks allow the CCP to gain political influence in Latin America. Guatemala is Taiwan’s longtime, foremost ally in Central America, a relationship that has consistently fueled tensions with the CCP. Beijing has been exerting diplomatic and commercial pressure on the Guatemalan government for years in an attempt to end the near-century-old bilateral relationship with Taipei. President Arévalo has firmly reiterated his intention to maintain ties with Taiwan.
“These activities reflect China’s strategic intention to interfere in the region,” Contreras said. According to the expert, “after undermining critical infrastructure through cyberattacks, China is also taking advantage of its Belt and Road Initiative to offer low-cost but technologically insecure infrastructure contracts.”
Similar attacks
In mid-December 2024, Costa Rica and the United States uncovered the presence of China-based malicious actors in the Central American country’s networks. A joint cybersecurity review of Costa Rica’s critical infrastructure, aimed at strengthening resilience, revealed the intrusion in Costa Rica’s telecommunications and technology systems by cybercriminal groups located in China.
Just three weeks prior, the Paraguayan government and SOUTHCOM foiled a serious Chinese state threat, uncovering the presence of cyber espionage group Flax Typhoon, linked to the CCP, in Paraguayan government systems. Paraguay is Taiwan’s last ally in South America.
In an interview with Paraguayan Radio Ñanduti, Minister of Information and Communication Technologies (MITIC) Gustavo Villate explained that the aim of the cyberattack was to gain sensitive information. “These types of attacks not only seek to cause damage, but also to access confidential data that compromises the country’s operations and international relations,” Villate said.
“Collaboration between Latin American countries and the United States is essential to counter these cyberattacks,” Contreras concluded. “Formal channels for information exchange help countries understand emerging threats and respond effectively. Otherwise, without cooperation, each country would have to start from scratch after an attack.”


