Behind the Huge Cyberattack Campaign Against Latin American Governments

For the past four years, a secret cyber-attack campaign, possibly state-sponsored, has been directed at several Latin American intelligence services, military, embassies and other government institutions. The Moscow-based cyber-security firm Kaspersky Lab, which claims to have unearthed the campaign, has given it a name: El Machete.

According to Kaspersky, the attacks started in 2010. The campaign's Spanish-speaking roots are revealed in the attackers' source code as well as in the nature of the targets. Most of the attacks’ victims are located in countries like Venezuela, Ecuador, Colombia, Peru, Cuba, and Spain. One target in Russia turned out to be an embassy of a Spanish-speaking country.

Attackers sent e-mails to potential victims with PowerPoint attachments containing pornographic material. Once the victims opened the attachment, their machines were compromised. This is a commonly used tactic known as spear phishing.

The malware used in the El Machete campaign is capable of logging keystrokes; capturing audio from the computer’s microphone; capturing screenshots and geolocation data; taking photos from the computer’s web camera; copying files to a remote server or special USB device; and hijacking the clipboard and capturing information from the target machine.

Dmitry Bestuzhev, head of Kaspersky’s global research and analysis team for Latin America, says the attackers’ identities are unknown, but given the targets, he suspects it is a government actor in the region. That conclusion “is based on the exclusion rule,” Bestuzhev tells Quartz. “There are big players on the market so far: cybercriminals, and they look for money; hacktivists, and they look for media presence; and government[s], who look for secret documents and information like this.”

The data that was targeted, Bestuzhev says, was related to secret dossiers containing sensitive information—this suggests the campaign was not financially motivated. Which country may be the culprit, however, is virtually impossible to say because “the evidence we have doesn’t allow us to make a clear attribution,” says Bestuzhev.

Jen Weedon, who manages threat intelligence at the global cybersecurity company FireEye, agrees that there probably is a state actor at play. She says the types of targets chosen and malware used are “consistent [with what] another government would utilize or [with] an NGO paid by a government to do it.”

Kaspersky believes the El Machete campaign may still be active, but says that can’t be confirmed.

Reprinted with permission from Quartz.
