The authors on this report have been independently investigating malware and phishing campaigns in Latin America. Part 1: Packrat’s Seven Years of Activity However, we do not conclusively attribute Packrat to a particular sponsor.
Who is responsible? We assess several scenarios, and consider the most likely to be that Packrat is sponsored by a state actor or actors, given their apparent lack of concern about discovery, their targets, and their persistence. It also highlights fake online organizations that Packrat has created in Venezuela and Ecuador. This report brings together many of the pieces of this campaign, from malware and phishing, to command and control infrastructure spread across Latin America. Building on what we had learned about these two campaigns, we then traced the group’s activities back as far as 2008. The targeting in Argentina was discovered when the attackers attempted to compromise the devices of Alberto Nisman and Jorge Lanata. These countries are linked by a trade agreement as well as a cooperation on a range of non-financial matters.Īfter observing a wave of attacks in Ecuador in 2015, we linked these attacks to a campaign active in Argentina in 2014. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil.
0 kommentar(er)
