Cyber Incident Victim: Bolivarian Republic of Venezuela
Date:
Jan 2026
Location:
Venezuela
Summary
US officials said the extraction of Venezuelan President Nicolas Maduro involved cyberattacks that shut down power in Caracas and disrupted air defense radar. The cyber operation, part of ‘Operation Absolute Resolve’, restored electricity within minutes though some areas near the capture site remained without power for up to 36 hours. Analysis indicated the effort combined cyber tools with kinetic methods such as jamming and graphite bombs, exploiting Venezuela’s already weakened power grid.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 3, 2026, U.S. forces conducted the extraction of Venezuelan President Nicolás Maduro under an operation later identified as “Operation Absolute Resolve,” during which cyberattacks were employed to affect Venezuela’s power grid and air defense systems. According to unnamed officials briefed on the matter, hackers acting on behalf of the U.S. government were able to shut off electricity in Caracas and restore it within a few minutes, while also interfering with air defense radar functionality. The cyber disruption was described as limited for most residents, though neighborhoods near the military base where Maduro was captured experienced power loss lasting up to 36 hours. U.S. President Donald Trump later remarked that “the lights of Caracas were largely turned off due to a certain expertise that we have,” a statement interpreted by observers as referencing the cyber component of the operation. Cybersecurity expert Robert Lee of Dragos noted that, from a technical standpoint, the United States possessed the capability to cause such power outages and disrupt air defenses via attacks on operational technology systems, citing prior demonstrations in Ukraine in 2016 and 2017.
In the days following the extraction, mainstream media reports suggested that a kinetic “blackout bomb” might have been responsible for the outages, and Venezuela’s Energy Minister shared a video showing apparent physical damage to power transmission facilities. However, The New York Times later reported that officials confirmed the use of cyber weapons in the operation, indicating a combination of cyber and kinetic effects. The Royal United Services Institute observed that the operation likely relied on layered effects, integrating cyber capabilities with kinetic tools such as jamming and graphite bombs, and highlighted that Venezuela’s power grid was already a strategic vulnerability due to years of infrastructure decay and lack of maintenance. The institute concluded that while cyber may have provided reconnaissance or specific disruptions, the overall success of the operation was underpinned by a multi‑domain approach where kinetic means remained more certain than hacking alone. No further details about detection, containment, or specific response actions beyond the official briefings and subsequent analyses were provided in the source material.