Security experts from ESET reported that a
The group has been active since 2010 and hit military organizations and other high-profile targets worldwide. Since the beginning of 2019, the group
The news variant implements a new set of features, between March and May 2019, ESET observed at least 50 infections.
“ESET has been tracking a new version of Machete (the group’s Python-based
Most of the infections (75%) were located in Venezuela followed by Colombia (16%), the vast majority of the infected systems belonged to the Venezuelan military.
“The Machete group sends very specific emails directly to its victims, and these change from target to target. These emails contain either a link to, or an attachment of, a compressed self-extracting archive that runs the malware and opens a document that serves as a decoy.” continues the report. “To trick unsuspecting targets, Machete operators use real documents they have previously stolen;”
The new variant of the malware has many similarities with the samples analyzed by Kaspersky, it implements stealing capabilities, but differences in the way it is delivered and also in the targets. Previous versions of Machete were not so focused on organizations in Latin America.
ESET researchers did not link the Machete group to any specific government, in 2014, Kaspersky experts speculated that the group is composed of Spanish-speaking individuals.
“Various artifacts that we have seen in Machete’s code and the underlying infrastructure lead us to think that this is a Spanish-speaking group.” concludes the report. “The presence of code to
(SecurityAffairs – Machete cyberespionage, hacking)