Collaboration with the United States has once again proven essential in addressing the increasing threat of state-sponsored cyberattacks from China in Latin America, as demonstrated by a recent incident involving Guatemala’s Foreign Ministry (MINEX).
“Thanks to the close cooperation between our two countries, we were able to detect these threats and implement the necessary measures to mitigate them and prevent future occurrences,” MINEX stated to the Associated Press on April 30. The ministry reported that Chinese hackers accessed its computer systems from September 2022 to February 2025. A thorough cybersecurity assessment of Guatemalan security networks conducted by U.S. Southern Command (SOUTHCOM) led to the identification of these China-based cyber espionage groups.
Guatemala’s President Bernardo Arévalo announced significant findings during the Southern Defender (Defensa del Sur) 2025 regional cybersecurity exercise, which took place from April 26 to May 9. This exercise brought together diplomatic and military officials from Guatemala, Taiwan, and the United States.
“We are not discussing theoretical issues or future challenges; we are facing real threats and concrete challenges,” Arévalo stated, as reported by the local news outlet Soy502. He emphasized that the Southern Defender exercise helped identify hostile attempts by hacker groups based in the People’s Republic of China to infiltrate the national cyber system.
According to SOUTHCOM's statement on X, the identified threat is APT-15, also known by various names including Vixen Panda, Nickel, Nylon Typhoon, Ke3Chang, and Playful Dragon. This group, linked to China, has been associated with cyber intrusions targeting government organizations worldwide, particularly in Central and South America.
APT-15 is a sophisticated cyber espionage group associated with the Chinese Communist Party (CCP), particularly the Ministry of State Security (MSS). This group employs advanced cyberattack techniques that are persistent, stealthy, and highly technical. Their goal is to infiltrate networks for extended durations to either inflict damage or steal sensitive information. APT-15 primarily targets strategically significant entities, including governments, diplomatic missions, and major technology firms.
"The length of time these hackers have remained undetected underscores the sophistication of their tactics and the urgent need for ongoing vigilance and international cooperation to prevent similar incidents in the future," stated cybersecurity expert Belisario Contreras, former head of the Cybersecurity Program at the Organization of American States (OAS), in an interview with Diálogo.
APT-15 has recently been associated with attacks on organizations involved in the Belt and Road Initiative (BRI), an infrastructure project promoted by the Chinese Communist Party (CCP). This indicates that the group is actively engaged in espionage for political, military, and economic objectives. APT-15 has been linked to recent attack campaigns in several Latin American countries, including Brazil, Chile, and Belize.
"The emergence of APT-15 highlights the changing landscape of cyber threats and the necessity for international collaboration to tackle them. The governments of Guatemala and the United States are committed to addressing these challenges directly, ensuring the security and resilience of our digital infrastructure," SOUTHCOM stated on X.
In addition to stealing sensitive information and gathering intelligence, these attacks enable the CCP to enhance its political influence in Latin America. Guatemala is a long-standing and key ally of Taiwan in Central America, and that relationship has consistently heightened tensions with the CCP. For years, Beijing has applied diplomatic and commercial pressure on the Guatemalan government in an effort to sever the nearly century-old ties with Taipei. President Arévalo has strongly reaffirmed his commitment to maintaining relations with Taiwan.
“These activities demonstrate China’s strategic aim to interfere in the region,” said Contreras. The expert added, “After compromising critical infrastructure through cyberattacks, China is also leveraging its Belt and Road Initiative to provide low-cost, yet technologically insecure, infrastructure contracts.”
Similar attacks
In mid-December 2024, Costa Rica and the United States discovered that malicious actors based in China had infiltrated the networks of the Central American nation. A collaborative cybersecurity assessment of Costa Rica's critical infrastructure, designed to enhance resilience, identified breaches in the country's telecommunications and technology systems by cybercriminal groups from China.
Just three weeks earlier, the Paraguayan government, in partnership with SOUTHCOM, thwarted a significant threat from the Chinese state by uncovering the cyber espionage group Flax Typhoon, which is linked to the Chinese Communist Party, operating within Paraguayan government systems. Notably, Paraguay remains Taiwan's last ally in South America.
In an interview with Paraguayan Radio Ñanduti, Minister of Information and Communication Technologies (MITIC) Gustavo Villate stated that the purpose of the cyberattack was to obtain sensitive information. “These attacks aim not only to inflict damage but also to access confidential data that could jeopardize the country’s operations and international relations,” Villate explained.
“Collaboration between Latin American countries and the United States is crucial in combating these cyberattacks,” Contreras added. “Establishing formal channels for information exchange enables countries to better understand emerging threats and respond effectively. Without such cooperation, each nation would have to start from scratch following an attack.”