Revealed: Mystery 7-year cyberspy campaign in Latin America

Bogus propaganda websites punt malware to likely marks


Security researchers have uncovered a seven-year-long malware campaign against Latin America.

Citizen Lab found that journalists, activists, politicians, and public figures in Argentina, Ecuador, Brazil and Venezuela have been targeted by a large-scale hacking campaign since 2008.

The campaign, dubbed Packrat, uses bogus websites and social media accounts for fake opposition groups and news organisations in order to distribute malware and conduct phishing attacks.

The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes. These countries are linked by a trade agreement as well as a cooperation on a range of non-financial matters.

Security tools firm AlienVault uploaded Citizen Lab’s findings on Packrat to its threat-sharing platform OTX in order to warn the general community of the emerging threat and its indicators of compromise. Citizen Lab is an interdisciplinary lab focused on global security.

The security researchers caught the scent of the Packrat attackers in Ecuador this year before tracing their nefarious activities back to attempts to compromise the devices of Alberto Nisman, an Argentine prosecutor known for doggedly probing a 1994 Buenos Aires bombing, and investigative journalist Jorge Lanata in Argentina last year. Further work revealed a pattern of systematic electronic spying dating back to 2007.

The researchers reckon Packrat is likely “sponsored by a state actor or actors, given their apparent lack of concern about discovery, their targets, and their persistence” without naming a likely culprit.

The long arm of Uncle Sam and the NSA would seem to be the most likely explanation but other scenarios are, perhaps, possible. ®
