
Blackberry warns of a $100M cyber threat to Mexican banks

Blackberry detected a $100M cyber threat targeting high-net-worth Mexican banks and crypto exchanges.



Context

The research and intelligence division of Blackberry, a tech behemoth that once dominated the mobile industry, detected and warned about a financially motivated attacker targeting many high-net-worth Mexican banks and cryptocurrency exchanges. Attackers may aim to steal more than $100 million in gross revenue, a stat predicted by the threat pattern. According to Blackberry’s analysis, the targeting was unaffected by industry, and the attackers were primarily interested in major businesses, many of which had annual gross revenues of over $100 million. Blackberry further tracked the companies that the attackers targeted in the retail, agriculture, manufacturing, transportation, public sector, commercial services, capital goods, and banking sectors. Every lure has made use of reputable and safe Mexican government resources, such as the payment mechanism operated by the Social Security Institute in Mexico.


Analysis

Blackberry discovered that an open-source remote access tool called AllaKore RAT was being used to steal confidential user data from banks and cryptocurrency trading firms. By hiding behind legitimate naming schemes and links, the threat frequently gets past employees’ suspicions and installs the program on company-run systems and databases. The majority of the attacks were traced back to IP addresses owned by Mexico Starlink. Blackberry also concluded that the threat actor is based in Latin America, because the modified RAT payload uses instructions written in Spanish. This threat actor has been targeting Mexican companies since at least late 2021. A Mexico-focused threat actor known as FIN13 was the subject of an investigation report published in December 2021 by the American cybersecurity company Mandiant. According to the research, only two threat actors targeted a single nation over an extended period of time. Out of the organizations mentioned, just 14 remain financially motivated after more than a year. This threat actor stands out by focusing on particular regions and demonstrating persistence in its actions.

Key Points

  • Blackberry’s research division detected a financially motivated attacker targeting high-net-worth Mexican banks and cryptocurrency exchanges, with an anticipated theft exceeding $100 million.
  • The attackers are based in Latin America, using the AllaKore RAT to compromise confidential data from banks and crypto exchanges.


Author

Sylvia Shen