A cyberespionage campaign has recently made a comeback and is currently believed to be targeting high-profile government organisations around the world. The group perpetrating the attacks uses customised malware dubbed El Machete and distributes it via social engineering. The hackers behind the El Machete campaign have already stolen over 100GB of data.
Security researchers believe that the El Machete hackers' primary targets are in Latin America, but the campaign has also targeted organisations in Canada, England, Germany, Korea, Russia, Ukraine and the United States. El Machete is believed to have been active since at least 2014, and possibly as far back as 2012, according to Kaspersky Lab researchers, who first identified the campaign in 2014.
According to security researchers at Cylance, the El Machete malware is custom-built, relies heavily on the Windows API, and has been designed to evade detection by traditional antivirus programs. The hackers are believed to be going after "high-value" targets, including intelligence agencies, militaries and government organisations.
The Cylance researchers said: "El Machete has continued largely unimpeded in their espionage activities for the past several years, despite the abundance of publicly available indicators. Many of these indicators should have allowed defenders to reliably identify this threat, but the majority of antivirus (AV) solutions continue to have very low detection rates across current samples.
"El Machete will no doubt continue to be successful across most Latin American countries as they struggle to build up both their offensive and defensive cyber capabilities. Many of the targeted countries were listed as customers in the leaks of both Finfisher and Hacking Team, which suggests they likely have yet to fully mature and develop their own internal cyber capabilities. In any case, whoever is behind El Machete is certainly reaping the rewards of building and deploying their own custom malware."