“Narco” criminal organizations are increasingly engaging in sophisticated 

cyber attacks for profit, security, and influence, including using malware to breach banking systems, leveraging the dark web for drug sales, and using cryptocurrency for money laundering. These groups, sometimes referred to as “cyber-cartels” or “Russian cyber narcos,” pose significant national security threats. 

Key Cyber Activities and Methods

• Financial Cybercrime: Mexican and Russian criminal groups use malware to attack ATMs and breach banking systems for illicit funds. They rely heavily on cryptocurrencies like Bitcoin to launder money, complicating tracking by financial authorities.
• Data Exploitation and Intimidation: Cartels use technology for doxxing, surveillance, and to gather intelligence on law enforcement and rivals. In one instance, a hacker was hired to penetrate port IT networks in Europe to facilitate cocaine smuggling by identifying ideal containers for hiding contraband. Leaked information from hacked systems has reportedly been used to intimidate and kill confidential sources and witnesses.
• Infrastructure Control: Cartels have attempted to establish control over physical and digital infrastructure. In Michoacan, Mexico, a cartel (identified by local media as Los Viagras) set up its own “narco-antennas” to provide makeshift Wi-Fi services and threatened residents with death if they did not pay excessive fees. Cartels have also built their own cellular infrastructure to avoid government surveillance and location tracking.
• Dark Web Markets: Criminal organizations use the dark web to locate buyers for large-scale drug shipments and to source synthetic opioids from places like China. Russian-language sites are estimated to control a significant majority of online drug sales.
• Operational Technology: Advanced technologies are leveraged for operational purposes. Examples include using AI to analyze law enforcement patterns for “smart routing” of drug shipments, and using drones for surveillance and transporting narcotics.
• “Cybercrime as a Service” (CaaS): Mexican cartels are participating in the growing CaaS economy, leveraging specialized hacking services to infiltrate government and commercial entities. Ransomware gangs have also formed cartels to share techniques and infrastructure. 

Response and Impact

The increasing use of cyber methods by “narco” groups has prompted responses from governments:

• The U.S. government is focusing on a comprehensive interagency approach involving the FBI, the Department of Defense, and others to conduct threat assessments and counter these cyber-cartels.
• The U.S. has also conducted military operations, such as “Operation Southern Spear,” to kinetically strike alleged “narco-terrorist” vessels, a move that has drawn debate regarding legal authority and congressional approval.
• The U.S. Department of Justice has charged cartel leaders with narco-terrorism, a designation that broadens the scope of available enforcement tools. 

These developments indicate a shift in the nature of transnational organized crime, blurring the lines between traditional narcotics trafficking, cybercrime, and terrorism, and posing complex challenges to national security.