Key takeaways:
- Blackberry’s research and intelligence division warned about a financially motivated attacker focusing on multiple high-net-worth Mexican banks and crypto exchanges.
- Attackers appear to primarily target major organizations with gross revenues over $100 million, according to the threat pattern.
The research and intelligence division of Blackberry, a digital behemoth that once controlled the mobile industry, discovered and warned about a financially motivated attacker that was focusing on multiple high-net-worth Mexican banks and cryptocurrency exchanges.
BlackBerry identified a campaign that used an open-source remote access tool called AllaKore RAT in an attempt to steal private user data from banks and cryptocurrency trading platforms.
By using official-looking names and links, the threat often evades employees' suspicion, getting onto company-run computers and databases and installing the program there. The report adds:
“The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud.”
Attackers appear to primarily target major organizations with gross revenues over $100 million, according to the threat pattern. Blackberry mentioned that these businesses submit their reports directly to the Mexican Social Security Institute (IMSS).
Mexico Starlink’s IP addresses were linked to most of the attacks. Furthermore, Blackberry deduced that the threat actor is located in Latin America based on the enhanced RAT payload’s use of instructions written in Spanish.
The latest versions of AllaKore RAT follow a more elaborate installation procedure, in which the program is delivered to targets as a Microsoft Software Installer (MSI) file. The malware only begins to operate after verifying that the victim is currently located in Mexico.
Nevertheless, the threat’s reach extends beyond big banks and cryptocurrency trading platforms. Large Mexican firms operating in retail, agriculture, the public sector, manufacturing, transportation, commercial services, and capital goods are the targets of the same strategy.
Basic phishing attacks are becoming more frequent, and they are also succeeding more often at stealing money. A security compromise on January 20 exposed the contact details of around 66,000 users of Trezor, a maker of hardware wallets. Trezor warned its users, saying:
“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday.”
The attacker had sent direct emails to at least 41 users asking for private information about their recovery seeds. Given the abundance of data breaches across the cryptocurrency space, investors are advised to hold off on disclosing private information until any such request has been validated.
Hackers also accessed 117 accounts by targeting crypto-related accounts linked to the mailing service MailerLite, which attributed the breach to a social engineering attempt against a customer service representative.