Risk Scenarios for the US’s Strategic Pivot
Recorded Future analyzes the cyber and geopolitical risks associated with the US strategic pivot toward the Western Hemisphere. The shift, characterized by increased military intervention against transnational criminal organizations, presents three potential scenarios that elevate risks of state-sponsored espionage, industrialized cybercrime, and the proliferation of commercial spyware and surveillance infrastructure.
Authors: Recorded Future
Source: Recorded Future
What Happened
The United States is changing its security strategy to focus more heavily on Latin America and the Caribbean, using military force against cartels and pushing back against Chinese and Russian influence. This shift could lead to different outcomes, ranging from fragile stability to increased criminal power or a stronger regional alliance with China. For businesses and individuals, this matters because it increases the risk of cyber attacks, internet blackouts, and widespread financial fraud. Organizations operating in the region should strengthen their cybersecurity defenses, prepare for sudden changes in data laws, and have backup plans for internet or supply chain disruptions.
Key Takeaways
- The US is shifting its security strategy to the Western Hemisphere, increasing military action against transnational criminal organizations (TCOs).
- Three potential geopolitical scenarios emerge: authoritarian stability, criminal expansion, or an accelerated regional pivot to China.
- Cyber risks include increased state-sponsored espionage by China and Russia targeting US assets in telecommunications and energy.
- Cartel-driven industrialized cybercrime, including fraud and cryptocurrency theft, may scale up in under-governed regions.
- LATAM governments are likely to increase their use of commercial spyware, internet blackouts, and surveillance infrastructure.
Affected Systems
- Telecommunications infrastructure
- Energy sector
- Cloud environments
- Multinational supply chains
Attack Chain
This report details strategic geopolitical scenarios rather than a specific tactical attack chain. However, the anticipated threat landscape involves state-sponsored actors targeting telecommunications and energy sectors for espionage, while transnational criminal organizations scale up industrialized cybercrime such as fraud and cryptocurrency theft. Additionally, regional governments are expected to increasingly deploy commercial spyware and internet blackouts to maintain control.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No specific detection rules or queries are provided in this strategic intelligence report.
Detection Engineering Assessment
- EDR Visibility: None. The report provides strategic geopolitical forecasting and does not contain tactical indicators or malware behaviors observable by EDR.
- Network Visibility: None. No specific network indicators, C2 domains, or traffic patterns are detailed in the report.
- Detection Difficulty: Very Hard. The threats described are high-level strategic risks (state espionage, cartel cybercrime, government surveillance) without specific technical signatures or behaviors to detect.
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| State-sponsored actors may increasingly target telecommunications and energy infrastructure in LATAM for espionage and strategic positioning. | Network flow logs, VPN authentication logs, and perimeter firewall traffic | Initial Access | High |
| Industrialized cybercrime operations originating from LATAM may generate localized fraud and cryptocurrency theft campaigns targeting English, Spanish, and Portuguese speakers. | Email gateway logs, web proxy logs, and application transaction logs | Impact | High |
Control Gaps
- Lack of visibility into commercial spyware deployment on mobile devices
- Vulnerability to state-level internet blackouts and infrastructure disruptions
- Exposure to diverging data sovereignty and localization regulations
Recommendations
Immediate Mitigation
- Conduct risk assessments for operations, assets, and third-party vendors located in Latin America and the Caribbean.
Infrastructure Hardening
- Enhance monitoring and defenses for critical infrastructure, telecommunications, and cloud environments.
- Establish localized data storage and flexible compliance frameworks to adapt to diverging data sovereignty laws.
User Protection
- Implement robust mobile device management (MDM) and mobile threat defense (MTD) to mitigate the risk of commercial spyware.
Security Awareness
- Develop scenario-based contingency plans for political instability, internet outages, and supply-chain interruptions.
- Train employees on the heightened risk of localized fraud, extortion attempts, and surveillance.
MITRE ATT&CK Mapping
- T1498 - Network Denial of Service
- T1589 - Gather Victim Identity Information