Revealed: Mystery 7-year cyberspy campaign in Latin America

Bogus propaganda websites punt malware to likely marks

Man takes snap with smartphone in Manaus, Brazil. Pic: Filipe Frazao via Shutterstock

Security researchers have uncovered a seven-year-long malware campaign against Latin America.

Citizen Lab found that journalists, activists, politicians, and public figures in Argentina, Ecuador, Brazil and Venezuela have been targeted by a large-scale hacking campaign since 2008.

The campaign, dubbed Packrat, uses bogus websites and social media accounts for fake opposition groups and news organisations in order to distribute malware and conduct phishing attacks.

The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes. These countries are linked by a trade agreement as well as a cooperation on a range of non-financial matters.

Security tools firm AlienVault uploaded Citizen Lab’s findings on Packrat to its threat-sharing platform OTX in order to warn the general community of the emerging threat and its indicators of compromise. Citizen Lab is an interdisciplinary lab focused on global security.

The security researchers caught the scent of the Packrat attackers in Ecuador this year before tracing their nefarious activities back to attempts to compromise the devices of Alberto Nisman, an Argentine prosecutor known for doggedly probing a 1994 Buenos Aires bombing, and investigative journalist Jorge Lanata in Argentina last year. Further work revealed a pattern of systematic electronic spying dating back to 2007.

The researchers reckon Packrat is likely “sponsored by a state actor or actors, given their apparent lack of concern about discovery, their targets, and their persistence” without naming a likely culprit.

The long arm of Uncle Sam and the NSA would seem to be the most likely explanation but other scenarios are, perhaps, possible. ®

