Security Threat Warning Issued by BlackBerry to Mexican Bank and Crypto Companies


BlackBerry Raises Concerns Over Potential Threat to Mexican Banks and Crypto Firms

BlackBerry’s Research and Intelligence Team has flagged a potential threat to Mexican banks and cryptocurrency platforms. The threat comes from hackers attempting to deliver a modern version of Allakore RAT, which allows them to send stolen banking details and other key components to a command center for cyber theft.

Targeting Large Companies Under the IMSS

The bad actors are specifically targeting large companies with revenues above $100 million, particularly those that report directly to the Mexican Social Security Institute (IMSS). This is because these companies offer greater financial incentives, and the lures deployed use IMSS links and naming schemas to create legitimate documents during the process.

“The Allakore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud.”

Scammers Based in Latin America

The research team believes that the bad actors behind this threat are based in Latin American countries. This is supported by their use of the Spanish language in conveying instructions through the modified payload. Additionally, there is a large number of Mexican Starlink IPs associated with the timeframe of the attacks.

Wide Targeting Across Various Sectors

The targeting is not limited to financial services, as the report reveals that firms in manufacturing, agriculture, capital goods, banking, commercial services, retail, transportation, and the public sector have also been targeted. However, specific functions in the RAT point to a Mexican cryptocurrency broker and six banks domiciled in Mexico as primary targets.

Links with Similar Bad Actors

Prior to BlackBerry’s report, the same bad actors had already targeted firms in Mexico as early as December 2021. This was reported by Mandiant, highlighting a cyber security threat focused on the country. Analysts believe that these scenarios involve similar bad actors due to the limited geographic scope of their targets and the tracking of multiple firms over an extended period.

Hot Take: Protecting Mexican Banks and Crypto Firms from Security Threats

It is crucial for Mexican banks and cryptocurrency firms to be aware of potential security threats and take appropriate measures to protect themselves. The use of advanced malware like Allakore RAT highlights the evolving tactics employed by hackers. Companies should invest in robust cybersecurity systems, regularly update their defenses, and educate employees about the risks of phishing attacks and other malicious activities. By staying vigilant and proactive, financial institutions and crypto platforms can mitigate the risk of cyber theft and safeguard their customers’ assets.
