
Chinese-linked hackers managed to breach the systems of the Cuban embassy in Washington D.C. and access the emails of 68 diplomatic officials, including the ambassador and the deputy chief of mission, according to a report released this Wednesday by the cybersecurity firm Gambit Security and shared by Bloomberg.
The attack, which began in January 2026, occurred during one of the most critical moments for the Cuban regime, marked by the Trump administration's decision to block oil shipments to the island. This measure worsened the energy crisis and led to massive blackouts affecting a large part of the country, with electricity cuts lasting up to 25 or 30 hours a day in extensive areas of the territory.
According to researchers, the hackers exploited old security flaws in the Microsoft Exchange mail servers used by the embassy. These vulnerabilities, which had remained unpatched for at least five years, allowed them to access the entire inboxes of Cuban political and intelligence officials without significant obstacles.
"This hacking incident demonstrates how global events drive cyber activity," explained Curtis Simpson, director of strategy at Gambit Security, highlighting the connection between the international situation and such operations.
The scope of the espionage is particularly sensitive considering that, since February 2026, Havana and Washington have been engaged in high-level diplomatic talks. In this context, the Cuban government released over 2,000 political prisoners as part of a negotiation process that may have been partially compromised following the leak of communications.
For analysts, access to these emails provides Beijing with a key strategic advantage, allowing it to gain firsthand knowledge of the real state of relations between Cuba and the United States, two countries whose bilateral dynamic remains of high geopolitical interest.
The same group of hackers also targeted the Venezuelan government and its Ministry of Foreign Affairs during the same period, indicating a broader operation in the region. Additionally, they exploited another vulnerability in the React development tool, compromising around 5,000 servers worldwide in less than a week, including systems from the Texas Department of Health and Human Services and the investment firm Santé Ventures.
The episode adds a layer of complexity to the relationship between Cuba and China. For years, intelligence reports have indicated the presence of Chinese facilities on the island intended for espionage activities against the United States, in locations such as Bejucal, El Wajay, Calabazar, and El Salao. However, this new attack suggests that Beijing is also closely monitoring its own allies.
Neither the Cuban embassy in Washington nor the Chinese representation responded to Bloomberg's requests for comment about the incident.
Simpson warned that this type of threat could intensify in the short term, especially with the increasing use of artificial intelligence by attackers. "We talk a lot about new vulnerabilities, but we still haven't addressed the long-standing flaws that make these attacks possible," he noted.