On the same day, three Mexican companies were the target of a defacement cyberattack. Their websites were compromised to display a message from Muslim hacktivists who reject being labeled as terrorists and defend Islam as a religion of peace.
"We do not promote terror; we defend our faith and our people with dignity," the hacktivists stated in their announcement. This modus operandi could quickly replicate itself on other websites in Mexico, whether they belong to the business or government sector.
This is the first time that the group DXPLOIT, known for carrying out this type of attack, has targeted Mexican companies. Emerging in October 2024, DXPLOIT has conducted an extensive campaign of cyberattacks in countries such as India, France, Australia, Germany, Taiwan, and Nigeria.
Hassanat Oladeji, a cyber threat intelligence expert, describes DXPLOIT as an emerging hacktivist group that spreads ideological messages through its defacement attacks. The signing of the executive order in January 2025 by U.S. President Donald Trump designating Mexican cartels as foreign terrorist organizations has raised concerns about a possible hardening of global rhetoric against criminal groups.
Although there is no concrete evidence linking the wave of attacks in Mexico to Trump's announcement, experts fear it may contribute to reinforcing stigmas against Muslim communities, unjustly associating them with terrorism.
DXPLOIT has attacked the websites of Eco-Wise, Kulens Lighting, and Alpin Led, companies dedicated to the lighting and energy efficiency sector. The group aims to defend human rights, demand justice, and promote a peaceful image of Islam, attacking various sectors such as finance, education, legal, health, and entertainment.
DXPLOIT's modus operandi consists of identifying websites with known vulnerabilities and, once a breach is found, inserting a political message that replaces the original content of the page. As a result, users can be redirected to dangerous sites, facilitating the spread of malware.
Victor Ruiz, a cybersecurity expert, warns that attacks could increase in the short term, given the number of websites in Mexico with minimal or non-existent defenses. These attacks reflect security failures that could facilitate unauthorized access to sensitive information and other advanced cyberattacks.
This attack occurred at a delicate moment internationally and does not seem to aim for a direct economic impact, but rather to spread DXPLOIT's message to a new audience. Defacement attacks, usually considered minor, actually represent a serious threat by compromising the reputation and trust of organizations by exposing vulnerabilities in their digital security.
