BlackBerry Warns Mexican Bank and Crypto Firms on Potential Security Threat BlackBerry has flagged a potential threat to Mexican banks and cryptocurrency platforms based on hackers’ attempt to deliver a modern version
of Allakore RAT. In a Jan 24 report, BlackBerry’s Research and Intelligence Team
raised concerns about a threat actor targeting financial institutions with Allakore RAT modified to allow hackers send stolen banking details and other key components to the command center for cyber theft. According to the report,
the bad actors are looking for large firms with revenues above $100 million because lures flagged by the research team were sent to firms that report directly to the Mercian Social Security Institute (IMSS).
The reason for targeting large companies directly under the MSSI
is first the financial incentives as these companies are worth more and secondly, the lures deployed use the IMSS links and naming schemas to make legitimate, benign documents during the process. The team also narrowed the bad actors that posed the threat of being based in Latin American countries
because of the use of the Spanish language conveying instructions in the modified payload. The large number
of Mexican Starlink IPs alongside the timeframe in the process also backs up their research team’s claims of bad actors based in the Latin American region.
“This threat actor is specifically targeting Mexican entities, especially large companies with gross revenues over $100M US. All lures have utilized legitimate and benign Mexican government resources, such as the IDSE software update document “guia_de_soluciones_idse.pdf” and the IMSS payment system SIPARE,” the report reads.
Per the report, targeting is wide and not only
at financial services as details were released on firms in Manufacturing, Agriculture, Capital Goods, Banking, Commercial Services, Retail, Transportation, and the Public Sector.
