jalisco_new_generation_cartel
The Jalisco New Generation Cartel (Cártel de Jalisco Nueva Generación; CJNG) is a Mexico-based transnational criminal organization. The content identifies Nemesio Rubén Oseguera Cervantes, alias "El Mencho," as the former head of CJNG, and states that his killing in a Mexican military operation on February 22, 2026 was followed by violent incidents in Guadalajara, Jalisco, including shootouts with security forces and roadblocks linked to organized crime. The reporting assesses transnational criminal organizations as a major physical security threat in Mexico, particularly around Guadalajara, with risks including theft, extortion, express kidnapping, fraud, transport disruption, and cartel-linked violence. Separate FBI and FinCEN-linked reporting in the content states that timeshare fraud schemes have been linked to CJNG in Mexico, including telemarketing, impersonation, and advance-fee fraud targeting timeshare owners, and that proceeds from these schemes are used to diversify revenue and finance other criminal activities, including illicit fentanyl and other synthetic drug trafficking into the United States. The content also notes reporting that some Mexican cartels obtained access to commercial spyware with police assistance, but does not attribute that specifically to CJNG. Known aliases directly mentioned in the content are Jalisco New Generation Cartel, Cártel de Jalisco Nueva Generación, and CJNG.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Transportation
- Consumer Services
Where they target
Geographies tied to known operations.
- 🇲🇽 Mexico
Where they're from
Attributed origin per open-source reporting.
- MX
Tradecraft
9 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Observables
15 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Mexico-based transnational criminal organization assessed as a persistent physical security threat around the 2026 FIFA World Cup, particularly in Guadalajara and transit corridors. The group is described as capable of disruptive acts such as road blockades, arson attacks, and coordinated armed confrontations.
A Mexico-based transnational criminal organization assessed as a persistent physical security threat around the World Cup, capable of disruptive acts such as road blockades, arson attacks, and coordinated armed confrontations that could affect mobility and logistics.
Linked by FBI/FinCEN to Mexico-based boiler-room style call centers running complex, long-running timeshare telemarketing/impersonation/advance-fee fraud schemes; proceeds used to diversify revenue and finance other criminal activity (including fentanyl/synthetic drug manufacturing and trafficking).
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.