Tensions between China and Costa Rica have intensified following allegations tied to an ICE cyberattack that Costa Rican authorities say was linked to the cyberespionage group UNC2814. The dispute centers on a breach affecting Costa Rica’s state-run electricity and telecommunications provider and has quickly evolved from a domestic cybersecurity issue into a diplomatic disagreement involving competing narratives and demands for proof.
China has now publicly asked the government of Costa Rica to provide evidence supporting claims that Chinese-linked actors were behind the ICE cyberattack. The request came from Chinese Ambassador Wang Xiaoyao on Friday, one day after Costa Rican officials attributed the breach to UNC2814, a group that cybersecurity researchers have described as a suspected cyberespionage actor with ties to the People’s Republic of China.
China Requests Evidence in ICE Cyberattack Case
Ambassador Wang Xiaoyao said China wants to review any technical evidence related to the ICE cyberattack so the allegations can be verified and, if necessary, addressed through legal channels. According to the ambassador, providing proof would allow the matter to be examined under established legal frameworks rather than through political accusations.
Wang also said that China has been attempting since 2024 to engage Costa Rica in cybersecurity cooperation. The initiatives reportedly included technical consultations, professional exchanges, and other collaborative efforts, but the Chinese side claims it received no response from Costa Rican authorities.
The Chinese embassy added that it proposed using mechanisms linked to the United Nations cybercrime framework to address cybersecurity concerns. It also suggested activating a bilateral joint commission between China and Costa Rica, which, according to the embassy, has not yet convened.
Costa Rica Identifies UNC2814 as Suspected Actor
The diplomatic dispute began after Costa Rican officials revealed details of the ICE cyberattack at a press conference on March 12. Authorities said the Costa Rican Electricity Institute, known as ICE, discovered cyberespionage activity affecting its administrative email systems.
Investigators determined that the intrusion was first detected in late January. During the operation, attackers extracted approximately nine gigabytes of internal email data. Despite the breach, ICE officials stated that electricity generation and telecommunications services remained unaffected.
Marco Acuña Mora, executive president of ICE, said the incident did not disrupt the country’s critical infrastructure. He confirmed that the ICE cyberattack did not compromise sensitive customer information or interrupt services provided to residents of Costa Rica.
The Costa Rican government linked the incident to UNC2814 after receiving intelligence from Mandiant, the cybersecurity division of Google. The information was shared through Costa Rica’s national incident response system, which coordinates cybersecurity investigations involving government institutions.
Global Espionage Campaign Linked to UNC2814
Google had previously reported on the activities of UNC2814, describing the group as a cyberespionage actor it has tracked since 2017. On February 25, the company announced that it had worked with partners to disrupt a global campaign attributed to the group.
According to Google’s analysis, UNC2814 targeted telecommunications providers and government organizations across multiple regions. At the time of the disruption, confirmed intrusions had been identified in 42 countries across four continents.
Costa Rican Minister Paula Bogantes Zamora said the actor responsible for the ICE cyberattack specializes in operations targeting the telecommunications sector. She added that the group has been associated with cyberespionage activities affecting dozens of countries.
China Rejects Allegations
China has firmly rejected the accusations linking it to the ICE cyberattack. The Chinese embassy in Costa Rica said it was “deeply surprised and disappointed” by what it described as unfounded claims made by some Costa Rican officials.
In its statement, the embassy said China had not received any request for evidence or investigative cooperation from the Costa Rican government regarding the ICE cyberattack. It also stated that China has “no interest in the data of Costa Rica” and opposes all forms of cyberattacks.
The embassy further warned against politicizing cybersecurity issues. Chinese officials argued that disputes related to cyber incidents should be handled through dialogue and cooperation rather than public accusations.
The statement also included a broader diplomatic message, warning that “sacrificing relations between China and Costa Rica to please other countries does not gain respect.”
