Exploiting vulnerabilities in satellite communications has opened a critical new front in the transnational conflict. Highly militarized and technologically organized groups, such as Mexico’s Jalisco New Generation (CJNG) and Sinaloa cartels, are positioned to take advantage of the lack of encryption in Geostationary (GEO) satellite links. That vulnerability could allow them to obtain operational information from security forces, potentially allowing them to match the state’s response capacity. This phenomenon, which experts warn marks the beginning of a “criminal war in the orbital spectrum,” underscores the urgent need for the modernization of national cyber defense systems.
The discovery: unprotected sensitive links
Transnational criminal organizations (TCOs) are radically transforming their operations. While disputes have historically been centered on weapons, shipments, or territories, a new battlefront has emerged: the exploitation of technological vulnerabilities that allow them to access operational information from security forces, Infobae reported.
A team of researchers from the University of California, San Diego and the University of Maryland conducted a comprehensive study of global GEO satellite vulnerabilities across multiple sectors. The report, Don’t Look Up: There Are Confidential Internal Links in the Clear on GEO Satellites, released in October 2025, reveals that information from these systems — including those used by Mexican security forces — for internal infrastructure, logistics, and administrative management was transmitting data without any encryption, in other words, unprotected.
The data observed included locations, deployments, mission functions, and maintenance records, as well as real-time military object telemetry with precise geolocation, identifiers, and live telemetry.
The new threat landscape: TCO digital intelligence
The discovery of these unprotected links immediately triggered warnings about the capabilities of TCOs. Víctor Ruiz, instructor and founder of SILIKN, a Mexican cybersecurity company, analyzed the report and warned that groups like the CJNG and Sinaloa Cartel possess the technical sophistication and resources, many available on the dark web, to carry out highly targeted cyber operations against state infrastructure. This potential access to sensitive government information redefines digital sovereignty and highlights the technological gap that exists between the state and organized crime.
To conduct the study, the researchers assembled a functional GEO traffic analyzer using readily available, low-cost, commercial off-the-shelf components, investing less than $700. With this equipment, they were able to capture multipole satellite signals. Additionally, they used a tuner card to record and decode passive traffic circulating between different satellites.
The report also revealed maintenance and tracking records of military assets such as Mil Mi-17 and UH-60 Black Hawk helicopters, ships, and armored vehicles, with their respective locations and mission details, technology magazine Wired reported based on an interview with the report’s authors.
TCO tactical sophistication: Digital and military-grade operations
“There could be actors who try to distort a country’s infrastructure, whether it be energy, banking, or telecommunications,” Álvaro Sánchez, CEO of Integrasys, a Spanish company specializing in satellite communication systems, told news site 20 Minutos. “They can damage it, minimize it, or shut it down. They can also obtain information or demand a ransom by paralyzing a service. That is why it’s important to protect communications, equipment, and people from any possible denial of service.”
During clashes between the CJNG and the Sinaloa Cartel in areas of Chiapas in mid-May 2024, residents of the region reported that both groups installed signal blockers to prevent the use of telephones or access to the internet, Spanish daily El País reported.
Cybersecurity expert Ruiz explained that the cartels operations are sophisticated. “These cartels can geolocate police convoys in real time with a margin of error of less than three meters and use three-dimensional models of the terrain to design escape routes,” he said. “Their operation combines military-grade digital intelligence, integrating satellite signals (orbital SIGINT), public information from civilian applications (OSINT), and advanced processing using FPV drones (piloted with 3D goggles). Thanks to this approach, they have managed to match the tactics of special forces and surpass the response speed of state agencies that rely on obsolete technological systems.”
AI and smart routes: The continuous evolution of organized crime
Both cartels have begun to integrate artificial intelligence (AI) to optimize drug and human trafficking routes using navigation and risk prediction algorithms. By documenting the use of smart itineraries, they avoid checkpoints, estimate crossing times, and reduce operational exposure, explains Juan Manuel Aguilar, a researcher at the Center for Research on North America at the National Autonomous University of Mexico (UNAM) in his study The Use of Artificial Intelligence by High-Risk Criminal Networks.
The challenge of cyber defense: Toward a national and binational response
“Countries need to develop strategic infrastructures that include sovereign data centers with post-quantum encryption (against quantum attacks), national 5G and 6G networks with advanced encryption, and low Earth orbit (LEO) satellite constellations of their own or shared with allied nations,” Ruiz said.
“SIGINT and cyber intelligence fusion centers powered by predictive AI are also required, as well as the training of talent in military and civilian academies specializing in electronic warfare, quantum cryptography, orbital OSINT, and ethical hacking. All of this must be integrated into an active cyber defense doctrine that prioritizes agile technology acquisitions and continuous red and blue team exercises to effectively address hybrid threats in real time,” he added.
The capabilities of these TCOs in the orbital spectrum mark a turning point in the history of national security. Their high level of organization and potential to combine AI, SIGINT, and OSINT has allowed these organizations to acquire the digital intelligence necessary to match — and sometimes exceed — the state’s response capabilities. The challenge for Mexico and its allies is monumental: to modernize their technological infrastructure and adopt an active cyber defense doctrine that is up to the task of a hybrid and constantly evolving threat.
