Cyber Incident Victim: Ministerio de Relaciones Exteriores de Cuba
Date:
Jul 2025
Location:
Cuba
Summary
The Ministerio de Relaciones Exteriores de Cuba reported a malicious compromise of its official YouTube channel, characterizing the incident as cybercrime and part of ongoing digital harassment campaigns targeting Cuban institutions. Unauthorized content published during the breach was disavowed as unrepresentative of government positions, with technical efforts underway to restore control, enhance security, and prevent recurrence. This follows prior cyberattacks against the ministry’s digital infrastructure, including website disruptions through coordinated denial-of-service assaults aimed at overwhelming servers, which authorities attribute to unconventional warfare strategies violating principles of peaceful cyberspace use. The ministry reiterated its rejection of such illicit practices and commitment to defending Cuba’s sovereign digital presence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 7, 2025, Cuba's Ministry of Foreign Affairs (Ministerio de Relaciones Exteriores) publicly disclosed a cybersecurity breach targeting its official YouTube channel. Malicious actors compromised the channel's security controls, though the exact timeframe of unauthorized access remains unspecified in public statements. The ministry characterized the incident as an act of cybercrime and part of a documented pattern of digital harassment against Cuban state institutions. During the period of compromise, attackers published content that the Cuban government explicitly disavowed as misrepresenting official positions. Technical teams coordinated with relevant authorities to regain full administrative control of the channel while implementing enhanced security measures to prevent recurrence. The ministry emphasized its commitment to restoring operational integrity and protecting Cuba's sovereign digital communications platforms from disruptive interference.
This incident reflects an ongoing pattern of cyber operations against Cuban diplomatic digital assets. Historical precedents include a 2021 large-scale attack on the ministry's web servers, where 34 distinct IP addresses generated approximately 10,000 simultaneous connections each in a coordinated denial-of-service attempt. That incident produced 580,000 fraudulent access attempts within 30 minutes—far exceeding normal traffic volumes—and temporarily degraded international server responsiveness. Parallel attacks targeted the Cubavsbloqueo website, with forensic analysis tracing most malicious traffic to U.S.-based IP addresses. Foreign Minister Bruno Rodríguez subsequently denounced December 2022 cyberattacks against ministerial web infrastructure as components of broader unconventional warfare tactics. The Cuban government consistently frames these incidents as systematic violations of international cyber norms designed to disrupt diplomatic communications and undermine institutional credibility through digital means.