Major Mexican Firms Hit in Financial Cyberattack Surge
BlackBerry’s research and intelligence division has issued a warning about a significant surge in financially motivated cyberattacks targeting high-net-worth Mexican cryptocurrency exchanges, banks, and large companies with over $100 million in gross revenues.
The sophisticated attacks, believed to be orchestrated by threat actors based in Latin America, have raised alarms due to their advanced methodologies and broad impact across various business sectors.
The attackers have been identified using an open-source remote access tool known as AllaKore RAT, heavily modified to facilitate the theft of sensitive user information, including banking credentials and unique authentication data. This pilfered information is then transmitted to a command-and-control server, enabling the perpetrators to carry out financial fraud.
One notable aspect of these attacks is the method of infiltration: the attackers install the AllaKore RAT on company-run computers and databases, often disguising their actions behind official naming schemes and links. This stealthy approach has made the threat hard to detect, since it avoids arousing employees’ suspicion.
While cryptocurrency exchanges and banks have been the primary targets, the cyber threat extends beyond the financial sector. Large Mexican corporations from diverse business verticals, including retail, agriculture, public sector, manufacturing, transportation, commercial services, and capital goods, have also fallen victim to these attacks.
The attackers specifically target companies that have gross revenues exceeding $100 million and report directly to the Mexican Social Security Institute (IMSS). The use of Mexico Starlink IP addresses further confirms their focus on Mexican entities.
As the attackers refine their tactics, newer iterations of the AllaKore RAT employ a more complex installation process, with the malware delivered within a Microsoft software installer file. Notably, the malware executes only after confirming the victim’s location in Mexico, showcasing a high degree of sophistication in their approach.
The Spanish-language instructions within the modified RAT payload suggest a Latin American connection, adding complexity to the investigation and emphasizing the need for international cooperation to address this cyber threat.
In response to this evolving threat, organizations in the targeted sectors are urged to take proactive measures to enhance cybersecurity protocols, implement robust intrusion detection systems, and provide cybersecurity training to employees. Addressing the issue requires collaborative efforts from both the private and public sectors, with affected companies working closely with law enforcement agencies and cybersecurity experts to investigate and mitigate the damage. Sharing threat intelligence and best practices within the business community is also highlighted as a crucial step to fortify defenses against future attacks.