
    Blackberry warns of a $100M cyber threat to Mexican banks

    By Sylvia Shen | January 26, 2024 | Updated: January 31, 2024
    • Blackberry’s research division detected a financially motivated attacker targeting high-net-worth Mexican banks and cryptocurrency exchanges, with an anticipated theft exceeding $100 million.
    • The attackers are based in Latin America, using the AllaKore RAT to compromise confidential data from banks and crypto exchanges.

    The research and intelligence division of Blackberry, a tech behemoth that once dominated the mobile industry, has detected and warned about a financially motivated attacker targeting many high-net-worth Mexican banks and cryptocurrency exchanges. Based on the threat pattern, the attackers may aim to steal more than $100 million in gross revenue.

    Who are the targets?

    According to Blackberry’s analysis, the targeting did not depend on industry; the attackers were primarily interested in major businesses, many of which had annual gross revenues of over $100 million. Blackberry tracked targeted companies in the retail, agriculture, manufacturing, transportation, public sector, commercial services, capital goods, and banking sectors. Every lure has made use of reputable and safe Mexican government resources, such as the payment mechanism operated by the Social Security Institute in Mexico.

    Blackberry discovered that an open-source remote access tool called AllaKore RAT was being used to steal confidential user data from banks and cryptocurrency trading firms. By hiding behind legitimate naming schemes and links, the threat frequently gets past employees’ suspicions and installs the program on company-run systems and databases.

    The majority of the attacks were traced back to IP addresses owned by Mexico Starlink. Blackberry also concluded that the threat actor is based in Latin America because the modified RAT payload uses instructions written in Spanish.

    This threat actor has been targeting Mexican companies since at least late 2021. A Mexico-focused threat actor known as FIN13 was the subject of an investigation report published in December 2021 by the American cybersecurity company Mandiant. According to the research, only two threat actors targeted a single nation over an extended period of time. Out of the organizations mentioned, just 14 remain financially motivated after more than a year. This threat actor stands out by specifically focusing on particular regions and demonstrating persistence in its actions.


    What is AllaKore RAT?

    AllaKore RAT is a simple, open-source remote access tool. It was first noticed in 2015, and in May 2023 the threat group SideCopy used it to penetrate companies in a particular region. AllaKore is incredibly powerful; it can upload and download files, log keystrokes, grab screen captures, and even take remote control of the victim’s computer.

    The installation procedure for the most recent versions of AllaKore RAT is more involved; the program is sent to the targets in the form of a Microsoft software installer file. The malware doesn’t start working until it has verified that the victim is in Mexico.

    Blackberry’s report explained: “The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud.”
