CubaHeadlines

Chinese Hackers Breach Cuban Embassy in the U.S., Access Sensitive Emails

Wednesday, April 29, 2026 by Elizabeth Alvarado


Cybercriminals associated with China successfully infiltrated the systems of the Cuban embassy in Washington D.C., gaining access to the emails of 68 diplomatic officials, including the ambassador and the deputy chief of mission. This revelation was made public on Wednesday by the cybersecurity firm Gambit Security, as reported by Bloomberg.

The breach, which commenced in January 2026, occurred during a particularly fragile period for the Cuban regime, exacerbated by the Trump administration's decision to halt oil shipments to the island. This action intensified the energy crisis, resulting in widespread blackouts across the country, with power outages lasting up to 25 or 30 hours daily in vast regions.

Exploiting Long-standing Vulnerabilities

According to the investigators, the hackers exploited outdated security flaws in the Microsoft Exchange email servers used by the embassy. These vulnerabilities, neglected for at least five years, allowed the hackers to easily access the complete inboxes of Cuban political and intelligence officials.

“This breach illustrates how global events can fuel cyber activity,” remarked Curtis Simpson, Gambit Security's strategy director, emphasizing the link between international circumstances and such operations.

Impact on Diplomatic Relations

The scope of the espionage is particularly sensitive considering that since February 2026, Havana and Washington have been engaged in high-level diplomatic talks. As part of these negotiations, the Cuban government released over 2,000 political prisoners, a process that might have been partially compromised due to the leaked communications.

For analysts, access to these emails grants Beijing a crucial strategic advantage, enabling it to directly understand the true nature of Cuba-U.S. relations, a bilateral dynamic of significant geopolitical interest.

Wider Regional Impact

The same group of hackers also targeted the Venezuelan government and its Ministry of Foreign Affairs during the same timeframe, indicating a broader operation across the region. Additionally, they exploited another vulnerability in the React development tool, compromising approximately 5,000 servers worldwide in less than a week, including systems belonging to the Texas Department of Health and Human Services and the investment firm Santé Ventures.

This incident adds a layer of complexity to the relationship between Cuba and China. For years, intelligence reports have highlighted the presence of Chinese installations on the island, presumably for espionage activities targeting the United States, at locations like Bejucal, El Wajay, Calabazar, and El Salao. However, this new attack implies that Beijing is also closely monitoring its own allies.

Neither the Cuban embassy in Washington nor the Chinese representation responded to Bloomberg's requests for comment regarding the incident.

Simpson cautioned that such threats could escalate in the near future, particularly with the increasing use of artificial intelligence by attackers. “We talk a lot about new vulnerabilities, but we still haven’t addressed the longstanding flaws that enable these attacks,” he noted.

Understanding the Cybersecurity Breach at the Cuban Embassy

What facilitated the hackers' access to the Cuban embassy's email servers?

The hackers exploited outdated security vulnerabilities in the Microsoft Exchange email servers used by the embassy, which had not been addressed for at least five years.

How does this breach affect China-Cuba relations?

The breach adds complexity to China-Cuba relations by suggesting that China is also monitoring its allies, in addition to its known espionage activities targeting the United States from Cuban soil.

What other entities were targeted by the same group of hackers?

The hackers also targeted the Venezuelan government and its Ministry of Foreign Affairs, and exploited vulnerabilities in the React development tool to compromise systems worldwide, including those in Texas Health and Human Services and Santé Ventures.
