Blackberry Identifies Cyber Attacks on Mexican Banks and Crypto Exchanges
Summary:
Blackberry's research division has identified a financially incentivised cyber attacker targeting affluent Mexican banks and cryptocurrency exchanges. The hacker uses a remote access tool, AllaKore RAT, to infiltrate systems, steal sensitive user information, and send it back to a command base for fraudulent activities. Primarily targeting large corporations, the hack emanates mostly from Mexico and appears to be Latin American in origin. An increase in cyber attacks through phishing has led to an uptick in successful fund thefts, stressing the need for users to avoid sharing sensitive information unless it's verified.
The information research division of tech powerhouse Blackberry has identified a financially incentivised cyber attacker who has been exploiting a number of affluent Mexican banks and cryptocurrency exchanges. According to the Blackberry analysis, the attacker strives to filch crucial user data from these banks and cryptocurrency platforms through the use of an open-source remote access tool labelled the AllaKore RAT. This tool infiltrates company databases and systems, typically evading detection by cloaking itself within legitimate names and links. The end goal of the hack is to send the illicitly obtained bank details and unique authorisation data back to a command-and-control (C2) base for fraudulent financial activities. It seems that the hackers primarily aim for large corporations with earnings exceeding $100 million, as these entities often report directly to the Mexican Social Security Institute, or IMSS, as revealed by Blackberry.
The origin of most of these cyber attacks has been traced back to Mexico Starlink IPs. The fact that the modified AllaKore RAT payload incorporates Spanish instructions has led Blackberry to posit that the hacker is likely operating out of Latin America. The updated versions of the AllaKore RAT employ a more intricate installation process, wherein the malicious software is cloaked within a Microsoft software installer (MSI) file, only autostarting once it verifies the current location as Mexico. While larger banks and cryptocurrency services are the primary targets, the same tactics are also being used against major Mexican corporations across various industries, including retail, agriculture, public administration, manufacturing, transport, commercial services, and capital goods.
Despite a marked rise in phishing-triggered cyber attacks and their increasingly successful fund thefts, LiteMail confirmed a hack which resulted in crypto-phishing email attacks worth $3.3M. A situation arose on January 20 when almost 66,000 user contacts from hardware wallet creators, Trezor, were accidentally disclosed in a security breach. Communicating to users, Trezor asserted that no funds had been compromised as a result of this incident and that their device was just as secure as it had been prior to the incident.
At the current point of update, a minimum of 41 users reported having received personalized emails from the attacker who asked for sensitive recovery seed information. In light of the series of data breaches within the crypto sector, investors are strongly recommended to avoid divulging key information unless absolutely assured of its verification.
Published At
1/25/2024 10:02:23 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.