Chinese Communist Hackers Invade Cuban Embassy in U.S., Monitor Emails of 68 Diplomats

According to a recent research report from the cybersecurity company Gambit Security, Chinese hackers infiltrated the email system of the Cuban Embassy in Washington, D.C., and monitored the email communications of 68 diplomats over a long period of time.

The intrusion by Chinese hackers started as early as January 2026, and they managed to obtain complete email communication records of 68 Cuban diplomats, including the Cuban Ambassador and Deputy Chief of Mission, as reported by Bloomberg on Wednesday (April 30).

The timing of this cyber intrusion is particularly sensitive, occurring amidst heightened geopolitical tensions. The Trump administration had just announced a complete halt to oil shipments to Cuba, leading to a severe nationwide power outage crisis with some areas experiencing blackouts lasting 25 to 30 hours.

Additionally, this hacking incident coincides with the United States’ sudden actions in Venezuela.

An investigation by cybersecurity firm Gambit Security revealed that the hackers used a relatively simple method: the Cuban Embassy was still running an outdated version of the Microsoft Exchange email server whose security vulnerabilities had been publicly disclosed five years ago. This allowed the hackers to bypass security measures and download complete email archives of political and intelligence officials.

Curtis Simpson, Chief Strategy Officer of Gambit Security, stated, “This attack illustrates that sensitive international events will drive a significant increase in cyber intrusion activities.”

The leaked contents of the Cuban diplomatic emails have raised concerns as Cuba and the United States have been engaged in high-level diplomatic negotiations since February 2026, with the Cuban government agreeing to release over two thousand political prisoners recently.

Security analysts have warned that the stolen emails may have exposed sensitive details of the negotiations, enabling Beijing to directly influence the direction of US-Cuba relations without the need for any indirect channels of contact.

It is noteworthy that Western intelligence reports have long indicated that China has electronic eavesdropping facilities in various locations in Cuba, including Bejucal. The hacking attack targeting Cuban diplomatic communications indicates Beijing’s active monitoring of its strategic partner.

Gambit Security also pointed out that the same group of hackers targeted the Venezuelan government and its foreign ministry during the same period, demonstrating a large-scale regional surveillance operation targeting multiple Latin American countries’ governments.

Furthermore, the hackers exploited a vulnerability in the widely used React development tool, infiltrating around five thousand servers globally within a week of the vulnerability being disclosed. Victims of this attack include the Texas Department of State Health Services and the biotech investment firm Santé Ventures among other institutions and companies.

Simpson further warned that as hackers incorporate artificial intelligence (AI) into their arsenal, the rapid exploitation of known security vulnerabilities will become even worse.

He stated, “While we discuss many new security vulnerabilities, we still have not addressed the fundamental flaws that have persisted long-term and led to these invasion events.”

Gambit Security predicts that the number of large-scale, state-backed cyber attacks will continue to rise.