BlackBerry’s research and intelligence division has raised an alarm about a financially motivated attacker focusing on high-net-worth Mexican banks and cryptocurrency exchanges. The revelation sheds light on a sophisticated cyber threat that employs the AllaKore RAT, an open-source remote access tool, in an attempt to compromise private user data.
The report details how the attack works: the AllaKore RAT has been heavily modified to send stolen banking credentials and unique authentication information to a command-and-control (C2) server for financial fraud.
Notably, the threat actors seem to target major organizations with gross revenues exceeding $100 million, following a discernible pattern. BlackBerry highlights that these organizations typically submit reports directly to the Mexican Social Security Institute (IMSS).
The threat’s origin is traced back to Mexico Starlink IP addresses, and the enhanced RAT payload contains instructions written in Spanish, suggesting that the threat actor is located in Latin America.
The latest versions of AllaKore RAT exhibit a sophisticated installation procedure, using a Microsoft software installer file. The malware becomes operational only after confirming that the victim is located in Mexico. The scope of the threat also extends beyond large banks and crypto platforms to significant Mexican firms in sectors such as retail, agriculture, public services, manufacturing, transportation, commercial services, and capital goods.
Amidst the rise of phishing attacks, BlackBerry’s findings underline the increasing success rates of such assaults. The report also cites a recent security compromise involving Trezor, a hardware wallet producer, urging cryptocurrency investors to exercise caution when disclosing private information.
Beyond the crypto space, the report highlights a social engineering attempt against MailerLite, leading to unauthorized access to 117 accounts. The incidents underscore the broader challenges in cybersecurity and the need for heightened vigilance across various industries.
This detailed exposé by BlackBerry emphasizes the evolving nature of cyber threats and the importance of robust cybersecurity measures to safeguard financial institutions and businesses against increasingly sophisticated attacks.