LATAM Cybersecurity in 2025: New Threats, New Frontlines

Published on 13 Jun 2025

As cyberattacks become more sophisticated and globally interconnected, Latin America is emerging as a key battlefield in the fight against digital adversaries. The CROWDSTRIKE LATAM Threat Landscape Report exposes a concerning trend: a growing volume of targeted attacks by both criminal and state-nexus actors, fueled by economic instability, political shifts, and weak cybersecurity infrastructure.

Governments across Latin America made notable advancements in 2024—updating cybersecurity laws, investing in national CSIRTs, and strengthening international partnerships. Yet, despite this progress, threat actors continue to adapt faster than defenses can be built.

Who’s Targeting Latin America?

CrowdStrike observed a marked increase in campaigns led by financially motivated eCrime groups. Several “Spider” adversaries—including OCULAR SPIDER, SAMBA SPIDER, and PUNK SPIDER—are behind a surge in ransomware, data theft, and extortion attacks.

What’s new in 2025 is the increased use of Crypter-as-a-Service tools that allow attackers to bypass detection at scale. These tools, such as those offered by ROBOT SPIDER, enable lower-skilled actors to launch advanced malware attacks with ease.

State-Sponsored Intrusions & Strategic Espionage

While ransomware grabs headlines, quieter intrusions by nation-state adversaries pose deeper systemic threats. Intelligence-gathering campaigns attributed to actors like FANCY BEAR (Russia) and VIXEN PANDA (China) have targeted ministries, defense agencies, and telecoms across LATAM.

The strategic motivations are clear—these actors seek long-term influence over critical infrastructure and geopolitical intelligence. The report highlights how China-affiliated groups are increasingly involved in cyber-espionage operations linked to Belt and Road infrastructure deals in Argentina, Brazil, and Peru.

Emerging Threats: AI Deepfakes & Spyware Apps

The report flags alarming use cases of AI-driven disinformation, especially around elections and national unrest. Meanwhile, mobile spyware disguised as financial apps, like SpyLoan, is spreading rapidly in Mexico, exploiting vulnerable users and exfiltrating sensitive data.

These threats blur the line between cybercrime and cyberwarfare, creating urgent challenges for regulatory bodies and enterprise CISOs alike.

What Security Teams Must Do Differently in 2025

Cybersecurity teams in LATAM can no longer rely solely on traditional defenses. The report urges organizations to adopt:

Proactive threat intelligence and actor profiling
Credential leak monitoring for compromised accounts
Region-specific threat modeling
Improved incident response coordination

Success in 2025 will depend on whether organizations can combine localized understanding with globally informed threat prevention.

Download Now to Read the Full Report

Want to know which threat actors are most active in your region? Curious about how national policy is impacting cyber resilience?
Download the full LATAM Threat Landscape Report to explore:

Sector-specific attack trends
Nation-state adversary profiles
eCrime group behavior and TTPs
Security strategies tailored for LATAM organizations