Colombia

Colombia’s knowledge economy is modest. Consequently, it isn’t a major target of cyber-enabled IP theft, even though it’s still important for the government to be aware of and maintain defences against the threat of cyber-enabled crimes and IP theft.

ASPI assesses

Colombia

to be

Alert

to state-sponsored acts of cyber-enabled theft of IP.

Author

Johan Caldas

Bogota, Colombia (36668708290) - 2017 CC 2.0 Pedro Szekely

Key Facts

R&D Investments

USD $1.76 billion (2021)

Patent Applications

3,032 (2022)

Cybersecurity Agency

No stand-alone agency

How at risk is

Colombia

Colombia’s modest growth in its knowledge economy and recent efforts to bolster innovation, particularly in IP-intensive sectors such as chemicals and electronics, make it a potential target for economic cyber-espionage. However, the country’s limited investments in R&D, challenges in human-capital development and slow adoption of digital technologies across government and industry sectors make it a less likely target, placing it at a modest risk for such attacks.

To bolster its knowledge economy, the Colombian Government has recently taken several steps: the establishment of the Ministry of Science, Technology and Innovation in 2020 and the introduction of the National Policy on Science, Technology and Innovation 2022–2031, through which the government aims to invest 1% of GDP in R&D, primarily in the bioeconomy. However, those efforts are undermined by endemic challenges for Colombia in meeting human-capital needs, uncompetitive knowledge industries and limited investments in research funding. In 2021, Colombia invested approximately 3.3 billion Colombian pesos in R&D, which amounted to 0.28% of GDP, of which the private sector contributed 1.9 billion pesos. That’s below the Latin American regional average of 0.35%.

Colombia’s international partnerships, particularly with the US, the EU and China, enhance its economic profile but also expose it to modest risks of cyber-enabled IP theft due to the potential targeting of sensitive trade and technological information. The involvement of foreign entities, especially in key sectors such as telecommunications and infrastructure, increases its vulnerability. Colombia maintains close relations with the US, which is its largest trading partner and source of foreign investment. Meanwhile, Colombia’s ties with China have also expanded; it’s now Colombia’s second-largest export partner and largest source of imports. Chinese investments in telecommunications, infrastructure and technology have increased, more than 100 Chinese companies are operating in Colombia, and numerous tenders for major infrastructure projects have been won by Chinese firms. Scientific cooperation with foreign universities and institutes—including those in the US, the EU and China—has largely concentrated on research in vital innovative sectors, including biotechnology, renewable energy, agriculture and creative industries.

How prepared is

Colombia

The foundations of Colombia’s capacity to combat the threat of cyber-enabled IP theft lie in existing IP and cybersecurity legislation and enforcement mechanisms. Colombia has various IP-relevant regulations and legislation, including the Political Constitution and the Criminal Code. Both contain guarantees of IP rights. However, the enforcement of IP rights remains weak, and infringements commonly occur without opportunities for recourse for victims.

Colombia has initiated a series of institutional and legal measures to empower the state’s ability to combat cyber-enabled crimes, such as the Policy Guidelines on Cybersecurity and Cyber Defence, the establishment of a CERT, and the Cybernetic Police Centre. Other policies, such as the 2018 Digital Government Policy and 2020 National Policy on Digital Trust and Security, aimed to strengthen digital security capabilities and governance. But, in practice, law-enforcement entities struggle to clamp down on cybercrime due to human-resource constraints (manpower, skills and expertise) and an unclear cyber governance landscape.

Colombia has multiple institutions overseeing cybersecurity, including the Presidential Advisor for Economic Matters and Digital Transformation and the Ministry of Information and Communication Technologies. However, the country lacks effective cybersecurity coordination, resulting in policy fragmentation. In the light of those limitations, the government has used international relationships for capacity building and in the search for standards. Colombia participates in international cyber-defence exercises and has acceded to the Budapest Convention on Cybercrime. The country is also home to the Digital Alliance between the EU, Latin America and the Caribbean, aimed at fostering safe digital infrastructures and democratic environments. Those engagements don’t focus specifically on cyber-enabled IP theft but provide the government with needed capacity-building and information-sharing opportunities to build defences against that threat.

Reported cases of economic cyber-espionage

Name of Incident

Victims (entities)

Sectors Affected

Affected economies

Threat Actor

Alleged state sponsor

Date reported

Ke3chang (APT15)

Government agencies, military organizations, energy companies, and financial institutions.

Aerospace, Aviation, Chemical, Defence, Energy, Government, High-Tech, Industrial, Manufacturing, Mining, Oil and gas, Telecommunication, Utilities and Civil Society

56 countries, including Argentina, Barbados, Brazil, Chile, Colombia, Dominican Republic, Ecuador, El Salvador, Guatemala, Honduras, Jamaica, Mexico, Panama, Peru, Trinidad and Tobago, Venezuela

Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon

China

2010 (first seen in Latin America in 2019)

Context

Ke3chang is a hacking group that is suspected to have affiliations to the Chinese state. The group has been active since at least 2010 and has targeted a diverse range of entities, ranging from government to industry, like aerospace and energy. Their tactics have evolved over time, utilizing various malware families such as Mirage and BS2005. The campaign has traditionally focused on Asian targets but have now moved on to focus on Latin America, particularly since 2017, when a series of cyber intrusions that affected foreign ministries, government agencies, and corporations in Chile, Guatemala, and Brazil were attributed to them. Since then, there has been a number of cyber incidents linked back to Ke3chang. Between September 19th and December 2021, MSTIC observed APT15 operations across several countries in Europe, Africa, and America, including Argentina, Brazil, Columbia, Mexico, and Peru. APT15 established long-term access and was able to schedule regular data exfiltration. MSTIC assesses this activity is in pursuit of economic and traditional intelligence collection objectives and will continue as China extends its BRI initiative. In December 2021, Microsoft’s legal team announced that they had obtained a court warrant that allowed it to seize 42 domains used by APT15. Meanwhile, between late 2022 and early 2023, APT15 leveraged a new backdoor called Backdoor.Graphican against the Americas, one European victim, and a corporation that sells products in Central and South America. While Latin America has historically been relatively free of APT attacks, Ke3chang has changed the dynamics and emerged as the highest profile hacking group focused on Latin American entities.

Economic objectives

Assets stolen

Intellectual property, including sensitive business information.

Attribution

Microsoft; ESET

Governments' response

None

Sources

Level of confidence

High Confidence (8 out of 12)

Private entities are a majority of known sectors targeted in the intrusion. (2 points)
Commercial data are likely to have been targeted (2 points)
APT actor has some history of stealing IP and other commercially valuable data. (2 points)
No concrete evidence that data stolen was used to aid domestic private businesses of malign state, but data stolen likely aligns with malign state's industrial policies (2 points)

Office

40 Macquarie Street
Barton ACT 2600

Contact

Ph: +61 2 6270 5100

E: enquiries@aspi.org.au

Explore

Home About Country Profiles Insights Media Case Repository