Full Report
For decades, Cuba’s proximity to the United States has made the island strategically valuable for foreign intelligence collection. Recent warnings from senior U.S. officials about expanding Chinese and Russian intelligence activities have once again drawn attention to Cuba’s role in supporting those efforts just 90 miles from U.S. shores. In 2024, CSIS identified four Cuban sites featuring equipment that could support…
Analysis Summary
# Threat Actor: Chinese & Russian Intelligence Services (Cuba-based)
## Attribution & Identity
* **Primary Actors:** People’s Republic of China (PRC) and Russian Federation intelligence services.
* **Aliases/Associated Groups:** The article names no specific APT designations; the activity is linked to military/state intelligence agencies.
* **Local Partners:** Government of Cuba (acting as a host and strategic facilitator).
## Activity Summary
The reporting highlights significant expansion and modernization of signals intelligence (SIGINT) infrastructure across Cuba through 2024–2026.
* **Bejucal Site:** Recent construction has been completed on a new, large Circularly Disposed Antenna Array (CDAA) near Havana.
* **Expansion (2024–2025):** CSIS identified four key sites with equipment capable of supporting SIGINT collection, with two sites showing major development or shifts in construction activity.
* **Strategic Positioning:** Utilization of Cuba’s geographic proximity (90 miles from the U.S. coast) to monitor sensitive communications and electronic signatures.
## Tactics, Techniques & Procedures
* **Signals Intelligence (SIGINT) Collection:** Interception of radio frequencies, satellite communications, and other electronic emissions.
* **Infrastructure Modernization:** Deployment of Circularly Disposed Antenna Arrays (CDAA), which are specialized for high-frequency direction finding and wide-area signal interception.
* **Strategic Hosting:** Utilizing third-party sovereign territory (Cuba) to bypass terrestrial limitations and gain proximity to the target's domestic communications.
* **MITRE ATT&CK Mapping:** The article does not identify technique IDs explicitly, but this activity corresponds to:
  * **T1597:** Search Closed Sources (Strategic Intelligence)
  * **T1200:** Hardware Additions (Physical installation of SIGINT arrays)
## Targeting
* **Sectors:** Defense, Government, Aerospace, and Private Telecommunications.
* **Geography:** United States (primarily the Southeastern U.S. and coastal regions).
* **Victims:** U.S. military installations, space launch facilities (e.g., Florida-based sites), and sensitive governmental communications originating from the U.S. mainland.
## Tools & Infrastructure
* **Physical Infrastructure:**
  * Bejucal SIGINT base.
  * Circularly Disposed Antenna Arrays (CDAA).
  * Satellite monitoring stations.
* **Host Countries:** Cuba.
## Implications
* **National Security:** Enables foreign adversaries to monitor U.S. military exercises, naval movements, and classified communications in real time.
* **Geopolitical Strategy:** Solidifies a permanent intelligence-sharing foothold for China and Russia in the Western Hemisphere.
* **Electronic Warfare:** These facilities likely provide the foundation for future Electronic Warfare (EW) capabilities, including signal jamming or spoofing, in the event of a conflict.
## Mitigations
* **Encryption:** Accelerated adoption of Post-Quantum Cryptography (PQC) and end-to-end encryption for all sensitive government and critical infrastructure communications.
* **Operational Security (OPSEC):** Enhanced OPSEC protocols for military and government personnel operating in the Southeastern United States to minimize "loud" electronic signatures.
* **Frequency Management:** Implementing advanced signal-hopping and frequency-agile communication systems to complicate interception efforts by static antenna arrays.
* **Diplomatic/Economic Pressure:** Leveraging diplomatic channels to increase the cost for the Cuban government to host foreign intelligence assets.