KEY TAKEAWAYS:
Cyberattacks in Mexico are escalating, exposing persistent vulnerabilities in government and private sector systems.
Drug trafficking organizations (DTOs) and foreign hackers use AI and cryptocurrency to conduct scams and launder illicit funds.
Without comprehensive cybersecurity legislation, Mexico’s response remains fragmented and ineffective against growing cyber threats.
Mexico faces an escalation of cybercrimes targeting government institutions and key private sector industries, such as financial services, trade, and manufacturing, which will likely worsen over the coming months.
In 2024, Mexico accounted for around 55 percent of cyberattacks in Latin America, consisting of ransomware, phishing, and extortion attacks, and the economy lost over USD 40 million as a result. Increased trade between Mexico and the neighboring US, the rapid digitization of businesses and public institutions, and outdated cyber infrastructure make entities operating in Mexico particularly ripe targets for cyber criminals. In late February 2025, reports of the Inferno Leaks emerged, in which hackers sold at least 701 gigabytes worth of electoral, business, banking, health, and telecommunications data of millions of people, on the dark web.
Later reports from early April 2025 suggested that from 2022 to 2024, Nuevo León State, an economic hub for multiple foreign companies operating in northern Mexico, accounted for at least 25 percent of cyberattack attempts nationwide. Given the current vulnerabilities in the country's defenses, some have estimated that attacks against government institutions could increase by as much as 250 percent from 2024 to 2025. Such trends will likely continue to pose a significant threat to data for those operating in the private and public sectors over the coming months.
DTOs Exploit AI, Crypto to Expand Cybercrimes
DTOs, such as the Jalisco New Generation Cartel (Cártel de Jalisco Nueva Generación, CJNG) and Sinaloa Cartel (Cártel de Sinaloa, CDS), have leveraged new technologies, such as artificial intelligence and cryptocurrency, to expand the reach of their illicit activities. Criminal groups have enhanced their ability to conduct online scams and extortion operations, using deepfakes posing as legitimate businesses or law firms to defraud victims of large amounts of money. This creates serious reputational risk for companies operating in Mexico, as victims may believe it was the business that conducted the scam rather than DTOs posing as it. DTOs have also increasingly used cryptocurrencies to launder such ill-gotten money more effectively, making it easier for the groups to move large amounts of money without being detected by authorities.
In addition to targeting businesses, DTOs also target the state in cybercrimes; military officials stated April 25 that they were investigating an elaborate network of hackers connected to CJNG that attempted to breach multiple national security agencies, along with PEMEX, the state-owned oil company that is a major supplier to international markets. As existing technologies evolve in capability, threat actors are highly likely to escalate their activities over the coming months.
Government Launches New Cybersecurity Offices and Investments
To address ongoing vulnerabilities, many have called for the national government to ratify a comprehensive cybersecurity law and lay out a clear strategy for dealing with emerging threats. President Claudia Sheinbaum has taken some initial measures to improve the government's cyber defenses. The government published a decree on Jan. 24, announcing the creation of the General Directorate of Cybersecurity, which would operate under the recently formed Digital Transformation and Telecommunications Agency (ATDT) to safeguard government data. Most recently, the Federal Commission of Electricity (CFE) announced May 1 investments of over USD 20 million in the cybersecurity and energy sectors, considering widespread power outages in Latin America and Europe and increased cyberattacks on Mexico.
Lack of Cybersecurity Law Weakens National Defense
Although there have been recent legislative proposals to enact a concrete cybersecurity law, which would include provisions to create a National Cyber Security Agency and cybercrime prosecutors, these have struggled to gain momentum. The government has not indicated that it wishes to pass comprehensive cybersecurity legislation and is unlikely to do so unless there is a greater push in Congress. As a result, the government's cybersecurity response will likely be fragmented over the coming months, lacking a clear legal framework to enforce cybersecurity regulations and punish crimes of this nature.
While authorities have taken measures to combat emerging cyber threats, threat actors will likely escalate cybercrimes over the coming months. External threat actors, hacktivists, and criminal organizations have effectively leveraged new technologies to enhance their capabilities to commit crimes against Mexican assets and data in the public and commercial sectors without detection from security forces. While the government has increased funding and created new offices to safeguard the country's cybersecurity, such efforts will unlikely be effective in the coming months without any robust legal framework for enforcement and prosecution.
Learn more about leveraging our industry-leading regional and subject matter experts for intelligence that helps your organization stay ahead of risks to your people and operations.
Related
Tags
Intelligence Analysis
Alert: Escalated Tensions Between India And Pakistan Likely To Persist
Crisis24 Alert: Tensions between India and Pakistan persist, causing disruptions in air travel and heightened security measures.
May 13, 2025
Intelligence Analysis
Climate Change-Associated Threats Increase Operational Uncertainty for Utility Providers
Utility firms face mounting threats from climate shocks that disrupt physical operations and trigger rapid shifts in government policy.
May 6, 2025
Intelligence Analysis
The Critical Role of Change Management in Organizational Success
To mitigate risks and ensure seamless digital transitions, change management helps integrate security protocols and enterprise risk management strategies.
May 2, 2025
Case Study
A Leader in Sporting and Recreation Equipment Chooses Crisis24 to Build an Integrated Global Security Strategy with TopoONE
A leader in sporting equipment partners with Crisis24 to build an integrated global security strategy using TopoONE, enhancing operational efficiencies and safety.
April 29, 2025