Cyber-attacks against Venezuela: their scope and technical dimensions

Cybersecurity has become a central element in Venezuela, in a context where computer attacks have not ceased since the presidential elections.



The report provided by the Minister of Science and Technology, Gabriela Jiménez, during the Council of State and the National Defense Council on August 12 warns the entire Venezuelan population of this scenario in which vulnerabilities of the national technological system are exploited.

Since July 28, basically all the country’s institutions have been under attack, including the Presidency of the Republic, the National Electoral Council (CNE) and CANTV, among others. Specifically, “25 institutions have been affected and 40 more are currently under investigation”, stated Jiménez.

Several analysts and computer technicians, among them the academic Víctor Theoktisto and the technologist Kenny Ossa, have expressed the opinion that this is an unprecedented cyber-attack in the country, not only because of its consequences, which are in plain sight and are part of the coup agenda, but also because of the volume and multiplicity of the aggression.

With the purpose of increasing the levels of protection of the Venezuelan IT and technological system, President Nicolás Maduro created the National Cybersecurity Council.

In detail

Minister Jiménez offered the following data on the types of cyber-attacks so far:

  • 65% have been Distributed Denial of Service (DDoS) attacks, which have affected servers of State institutions and the international links that serve the country’s internet.
  • 17% have been information theft through emails carrying malicious software.
  • 6.9% have been DNS extension.
  • 3.45% have been hijacking of BGP routes.
  • 3.44% have been defacement of web pages.

“On the weekend [August 9-11] we observed hijacking of CANTV IPs. The IPs are falsified and when users want to link to any of the services, they get a completely different portal and the servers collapse as a whole,” she indicated.

She also highlighted that in the last two weeks there have been peaks of 30 million computer attacks per minute, a scale that coincides with the statement by Ossa, who affirms that DDoS attacks in Venezuela have reached peaks of 700 gigabytes per second, the largest offensive on record when compared with Google’s reports up to 2020.

The green bars indicate the number of cyber-attacks per minute. (Photo: Mincyt)

The report of the US company Netscout, published on July 31, describes a high volume of data traffic directed at Venezuela from abroad as of July 29, most of it malicious and delivered through DNS extension and IP fragmentation. It also confirms that the incidents are characterized more by their frequency than by the volume of impact.

The same cybersecurity company comments:

“Almost all attacks against Venezuela on the days in question targeted a singular telecommunications provider. Within the telco’s network, two distinct /24 CIDR blocks were attacked simultaneously, which we call pervasive bombardment DDoS, a method of targeting DDoS attacks that directs attack traffic broadly across the network topology. Based on a cursory review of the political landscape, we determined that the party claiming victory in the Venezuelan elections hosts its infrastructure on the same targeted telecommunications network.”

What Netscout describes matches the technical explanation provided by Minister Jiménez, who also reported that Columbus, CANTV’s telecommunications service provider, stated that the volume of traffic is five times higher than what the IT structure in Venezuela can support.
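The pattern Netscout describes, traffic spread broadly across whole /24 blocks, is hard to see with per-destination alerting because no single address receives much. The following is an added example, not code from Netscout, Mincyt or CANTV, showing how a defender can aggregate flow data per prefix to detect it; the thresholds, the (destination, bits per second) record format and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

PER_HOST_BPS = 50_000_000        # assumed per-destination alert threshold (50 Mbit/s)
PER_PREFIX_BPS = 2_000_000_000   # assumed per-/24 alert threshold (2 Gbit/s)
MIN_HOSTS_HIT = 128              # assumed: at least half of the /24 receives traffic


def build_sample():
    """Constructed one-minute flow summary as (dst_ip, bits_per_second) tuples."""
    flows = []
    # Two /24 blocks hit broadly: 200 hosts each at 20 Mbit/s,
    # which stays below the per-host threshold.
    for block in ("198.51.100", "203.0.113"):
        flows += [(f"{block}.{host}", 20_000_000) for host in range(1, 201)]
    # Ordinary traffic to two servers in a third block.
    flows += [("192.0.2.10", 40_000_000), ("192.0.2.25", 5_000_000)]
    # A classic single-target flood, for contrast.
    flows.append(("192.0.2.80", 900_000_000))
    return flows


def per_host_alerts(flows):
    """Destinations whose own traffic exceeds the per-host threshold."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return sorted(ip for ip, bps in totals.items() if bps > PER_HOST_BPS)


def carpet_bombing_alerts(flows, prefix_len=24):
    """Prefixes with high aggregate traffic spread over many hosts."""
    agg = defaultdict(lambda: {"bps": 0, "hosts": set()})
    for dst, bps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        agg[net]["bps"] += bps
        agg[net]["hosts"].add(dst)
    return sorted(
        str(net) for net, a in agg.items()
        if a["bps"] > PER_PREFIX_BPS and len(a["hosts"]) >= MIN_HOSTS_HIT
    )


if __name__ == "__main__":
    sample = build_sample()
    print("per-host alerts:  ", per_host_alerts(sample))
    print("per-prefix alerts:", carpet_bombing_alerts(sample))
```

On the constructed sample, per-host alerting flags only the single-target flood, while the per-prefix view flags both /24 blocks that together carry 4 Gbit/s each.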

Foreign origin

The evidence shows that this is a repetitive and complex cyber-attack whose origin, in principle, was located in North Macedonia, where the cyber commands of the Pentagon and NATO operate without restrictions. However, as Theoktisto interprets it, this country was only the “last exit point” recorded, since “we know that this was only a bridge for VPN from other places, that is, the attackers were probably in another country but used VPN networks or took over computers in North Macedonia to carry out the attack”.

For both the IT expert and Minister Jiménez, there must be governmental backing, according to the analysis of the volume, incidence, duration and infrastructural capacity of the aggression. According to the ministerial report:

  • 98% of attacks are done through bot farm services with desktop computers.
  • Less than 2% with mobile technology platforms.

How much does a DDoS attack cost? (Photo: Mincyt)

The high magnitude and duration of the onslaughts suggest that a great economic and technological power is at the controls of the cyberwar against Venezuela. However, the trail is diffuse and the authorship is still vague, although suspicions that the United States, due to its operational and financial capacity, could be behind the cyber offensive are gaining strength.

The institutional response

The technical sophistication of the attacks has overwhelmed the cybersecurity in place in Venezuela, a situation that has merited an unprecedented state response.

With the investigations still in progress, President Maduro approved the creation of the National Cybersecurity Council, a body suggested by the Ministry of Science and Technology (Mincyt) itself to “attend to all the development of the Republic in this matter and strengthen all these technological platforms, understanding that there are already countries that have dedicated important efforts to warlike actions to violate republics such as ours”, explained Jiménez.

Although the Ministry of Science and Technology has a National Cybersecurity Plan, whose protocol was activated for the mitigation of attacks, as the Minister reported, with the National Cybersecurity Council the Venezuelan State is taking actions that will not only respond to the current situation but will also address future challenges in this matter, taking into account that cyberspace is one of the central domains of the new hybrid wars.

Through its technological empire, where the origins of the Internet are interlaced by the military industry and financial profit, the United States maintains global digital hegemony and establishes it through the companies of Elon Musk, Mark Zuckerberg, and Jeff Bezos, among other technological oligarchs, whose services make up an ecosystem proper to American surveillance capitalism, consumed by the majority of the world’s population.

The United States itself has a National Cybersecurity Strategy, issued in 2023, effective through the multiple agencies and institutions it owns such as the National Security Agency (NSA) and the Pentagon’s Cyber Command, and which gives meaning to its cyber actions around the world.

Similarly, China and Russia have legal and regulatory frameworks, institutional structures, military capabilities, public-private partnerships and international conventions on the cyber domain, which address the main challenges that their top competitors (the United States and NATO) have imposed on the field.

Even BRICS has a cybersecurity chapter (CyberBrics), which pays attention to the national priorities of each member country, while developing mechanisms for international cooperation in the field.

Thus, a Venezuelan National Cybersecurity Council, in the present context, has a relevance that forces state decision-makers to formulate policies that protect the technological (infra)structure that sustains the services of the institutions.

The State, thus, begins to take political-institutional measures in a domain that was once relegated to the background and with respect to which it took a rather passive stance, until the signing of the decree on August 12, creating the national cybersecurity entity.

The decision making in this sense corresponds with a symmetrical response to the agenda of María Corina Machado and Edmundo González Urrutia, who have taken advantage of the vulnerabilities of the Venezuelan computer system, the corporate support of Musk and the foreign cyber attacks that make up one of the central areas of the coup plan still underway.
