Mexican Organizations Under Attack from Specialized Cyber Criminals



A crafty group of cybercriminals has been relentlessly pursuing Mexican banks, cryptocurrency platforms and other organizations in an extended campaign stretching back over two years. Their weapon of choice? A heavily customized version of the AllaKore remote access trojan (RAT).

These threat actors are ruthlessly targeting any large Mexican enterprise they can get their hands on. With a sweet spot for companies pulling in over $100 million in annual revenue, they're not messing around with small fry. Leveraging legitimate Mexican government resources like IMSS documents as lures, they've invested serious effort into making their campaign look as legit as can be.

With newly added Spanish commands, the customized RAT has the ability to hoover up banking credentials, authentication data and anything else that smells like money. The stolen data gets fired off to the crooks' shady command-and-control servers to be exploited for financial fraud and other illicit activities.

Slick as these cyber crooks are, they've left a few clues that point to them operating out of Latin America. Bundles of Mexican Starlink IP addresses interacting with their C2 infrastructure and the RAT's consolidated Spanish nomenclature both hint at "donde estan los malos."

This criminal operation is highly persistent: the attacks have spanned years of active targeting across multiple industries. From retail and agriculture operations all the way up to finance, transportation and critical infrastructure suppliers, no entity has been safe. It's an unfortunately well-designed criminal scheme that's proving highly resistant to disruption so far.

Whether your company is in Mexico or halfway across the world, this is yet another stark reminder that cyber criminals will stop at nothing to go where the money is. Staying ahead of evolving attack techniques and improving your security awareness training efforts are pivotal to putting the brakes on crooks like these. When millions are on the line, you can't afford not to make cybersecurity a top priority.


BlackBerry has the full story

