Mexico hit by 324 billion cyberattacks in 2024

Mexico City — Mexico has become the second most targeted country in Latin America for cyberattacks, with government institutions serving as the primary focus for criminal hackers, according to new security reports.

The scale of the problem reached unprecedented levels in 2024, with Mexico recording 324 billion cyberattacks according to Fortinet’s global report. The first quarter of 2025 saw an additional 35 billion attacks, breaking previous records.

ESET’s analysis confirms Mexico’s position as a major cybersecurity target in the region, noting constant threats specifically directed at government agencies and public systems.

“Mexico represents a very significant and potentially profitable target for cybercriminals,” said researcher Daniel Cunha Barbosa in an interview, identifying high rates of digital fraud and data hijacking through social engineering tactics.

Recent incidents illustrate the severity of the threat. In late 2025, the group identified as APT Tekir breached the digital infrastructure of the Guanajuato State Prosecutor’s Office, extracting over 250 gigabytes of sensitive information in a ransomware attack that affected internal operations and exposed critical data.

In January, the Chronus hacker group compromised at least 25 federal, state, and educational institutions in one of the most severe incidents recorded in the country. The attack included systems linked to tax and health services, exposing data of approximately 36.5 million people.

Technical reports from Hudson Rock identified vulnerabilities within government systems themselves. An analysis of the gob.mx domain detected 506 compromised credentials associated with infostealer malware, designed to silently steal confidential information including passwords, banking credentials, and files from user browsers and applications.

In November 2024, a ransomware attack against the Presidential Legal Affairs Office exposed nearly 313 gigabytes of files, including administrative records and employee personal data. The operation was attributed to RansomHub, a hacker group linked to Russia with members worldwide whose sole objective is financial gain.

Additional incidents have been reported by authorities and universities, including intrusions into platforms of the National Autonomous University of Mexico (UNAM) and unauthorized access to government databases through “hacking, credential theft, and internal leaks,” according to official reports.

Cybersecurity expert Víctor Ruiz, founder of Silikn, warned that “Mexico is not just facing a series of isolated cyber incidents, but a structural crisis that reveals years of omissions, incomplete decisions, and an alarming lack of political priority in digital matters.”

“The volume and type of compromised data worsen the situation,” Ruiz added. “Full names, email addresses, physical addresses, and phone numbers are now circulating in illegal markets, fueling fraud, extortion, and identity theft schemes.”

The exposure extends beyond institutions to affect citizens directly, with Ruiz noting that “this gap has been exploited by international actors. Recent investigations indicate that cyberattack groups, particularly of Chinese origin, use Mexican organizations as testing grounds to develop and perfect malware.”

“Mexico, in this sense, functions as a ‘laboratory’ where weak defenses allow experimentation without major risks,” the expert concluded.

Cybersecurity Timeline in Mexico

• 1999: November – Federal Penal Code amended to include articles 211 bis 1 to 211 bis 7 criminalizing “computer crimes”
• 2010: May – First Cybercrime Prevention Unit created (later transformed into the SSPC Intelligence Unit); June – National Cybersecurity Incident Response Center established (later administered by the National Guard)
• 2017: August – National Cybersecurity Strategy (ENCS) published as first multisector collaboration document; September – First Cyber Investigation and Technological Operations Unit created within the Federal Prosecutor’s Office
• 2018: November – Mexico-U.S.-Canada Agreement (USMCA) signed establishing telecommunications and digital commerce chapters; December – Andrés Manuel López Obrador administration begins, does not continue ENCS implementation
• 2019: November – Baxico Cybersecurity Strategy updates and adjusts cybersecurity direction for 2024-2027
• 2021: October – Mexico joins Counter Ransomware Initiative (CRI)
• 2022: August – National Homologated Cyber Incident Management Protocol created; first Mexico-U.S. Bilateral Cybersecurity Working Group session held
• 2024: November – Digital Transformation and Telecommunications Agency (ATDT) created as ministerial-level regulatory entity responsible for digital public policy formulation
• 2025: March-April – RFC 2350 CERT-MX document published with contact information, mission, served population, policies and services; National Development Plan 2024 recognizes cybersecurity as national strategic axis; September – ATDT Sectoral Program to strengthen government cybersecurity