
    Blackberry warns of a $100M cyber threat to Mexican banks

    By Sylvia Shen | January 26, 2024 | Updated: January 31, 2024
    • Blackberry’s research division detected a financially motivated attacker targeting high-net-worth Mexican banks and cryptocurrency exchanges, with an anticipated theft exceeding $100 million.
    • The attackers are based in Latin America, using the AllaKore RAT to compromise confidential data from banks and crypto exchanges.

    The research and intelligence division of Blackberry, a tech behemoth that once dominated the mobile industry, has detected and warned about a financially motivated attacker. The attacker was targeting many high-net-worth Mexican banks and cryptocurrency exchanges. The attackers may aim to steal more than $100 million in gross revenue, a figure predicted from the threat pattern.

    Who are the targets?

    According to Blackberry’s analysis, the targeting was unaffected by industry, and the attackers were primarily interested in major businesses, many of which had annual gross revenues of over $100 million. Blackberry further tracked the companies that the attackers targeted in the retail, agriculture, manufacturing, transportation, public sector, commercial services, capital goods, and banking sectors. Every lure has made use of reputable and safe Mexican government resources, such as the payment mechanism operated by the Social Security Institute in Mexico.

    Blackberry discovered that an open-source remote access tool called AllaKore RAT was being used to steal confidential user data from banks and cryptocurrency trading firms. By hiding behind legitimate naming schemes and links, the threat frequently avoids arousing employees’ suspicions while installing the program on company-run systems and databases.

    The majority of the attacks were traced back to IP addresses owned by Mexico Starlink. Blackberry also concluded that the threat actor is based in Latin America because the modified RAT payload uses instructions written in Spanish.

    This threat actor has been targeting Mexican companies since at least late 2021. A Mexico-focused threat actor known as FIN13 was the subject of an investigation report published in December 2021 by the American cybersecurity company Mandiant. According to the research, only two threat actors targeted a single nation over an extended period of time. Out of the organizations mentioned, just 14 remain financially motivated after more than a year. This threat actor stands out by specifically focusing on particular regions and demonstrating persistence in its actions.

    What is AllaKore RAT?

    AllaKore RAT is a simple, open-source remote access tool. It was initially noticed in 2015, and in May 2023, the threat group SideCopy employed it to penetrate companies in a particular region. AllaKore is incredibly powerful; it can upload and download files, keylog, grab screen captures, and even take remote control of the victim’s computer.

    The installation procedure for the most recent versions of AllaKore RAT is more involved; the program is sent to the targets in the form of a Microsoft software installer file. The malware doesn’t start working until it has verified that the victim is in Mexico.

    Blackberry’s report explained: “The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud.”

    Sylvia Shen

    Sylvia Shen is an editorial assistant at Blue Tech Wave specialising in Fintech and Blockchain. She graduated from the University of California, Davis. Send tips to s.shen@btw.media.
