By Bryan Gonzalez & Karla Gomez from Ocelot Team Context The purpose of this blog is to provide information about the TA558 adversary, who has been very active across different sectors in Mexico. This information is presented using the Diamond Model for intrusion analysis. The Diamond Model visually organizes key aspects of malicious activity in […]
TA558 group attacking legacy systems in LATAM Read More »
By Gerardo Corona Ocelot Team Context After the discovery of the self-proclaimed local group “Fenix”, the Cyber Threat Intelligence team at Metabase Q has identified a malware distribution campaign attributed to a cybercriminal group in the region known as CyberCartel. CyberCartel, has been active in Mexico and other Latin American countries, including Chile, since around
Episode V: Cybercartel strikes back Read More »
By Gerardo Corona & Julio Vidal Ocelot Team Context Ransomware gangs have found a profitable market in LATAM, but they are not alone, they need region-based actors to provide them the initial access to the companies. These local groups create phishing campaigns based on the government activities during the year, like Tax season, testament month,
Botnet Fenix: New botnet going after tax payers in Mexico and Chile Read More »
Salvador Mendoza – Research and Development Director, Metabase Q // Research Summary Have you heard of AirTag by Apple? It is a tracking device developed by Apple and designed to help people find misplaced objects. However, even when Apple states that AirTag technology is solely used for tracking objects, a growing number of malicious individuals
Apple AirTags, Unwanted tracking capabilities Read More »
Fernando Garcia & Dan Regalado Ocelot team Context The Metabase Q Security Operations Center (SOC) triages millions of alerts a day but a recent attempt to infect a customer’s network caught our attention. Although the customers’ endpoint detection and response security tools properly blocked the initial payload, the use of fake certificates to try to
Inside Mispadu massive infection campaign in LATAM Read More »
By Jesus Dominguez & Gerardo Corona from Ocelot Team Context ATMs are a core part of the financial system, providing users access to their money anytime at different physical locations. Over the past few years, attacks on these devices have increased in sophistication, severity, and frequency, resulting in significant consequences for both financial institutions and
FiXS the new ATM Malware in LATAM Read More »
By Bryan Gonzalez from Ocelot Team Introduction ImageMagick is a free and open-source software suite for displaying, converting, and editing image files. It can read and write over 200 image file formats and, therefore, is very common to find it in websites worldwide since there is always a need to process pictures for users’ profiles,
ImageMagick: The hidden vulnerability behind your online images Read More »
By Salvador Mendoza from Metabase Q’s R&D Team Metabase Q’s offensive security team, Ocelot, discovered a potential abuse of an inadequate issuer business practice to reset the PIN RETRY Counter (PRC) on Europay, MasterCard, Visa (EMV) chip contact cards. It would lead to a new attack called Pin Automatic Try Attack (PINATA). PINATA could brute
PINATA: The new cyberthreat affecting the financial sector Read More »
By Jesus Dominguez from Metabase Q’s Ocelot Team Context Janeleiro is amalware that has been attacking corporate users of large banks in Brazil since2019. This malware displays fake pop-up windows that pretend to be legitimateBrazilian bank forms, enabling it to gain unauthorized access to the victims’online banking accounts. Since January26, 2021, the Ocelot team has
Janeleiro.mx Threat Briefing Read More »
By Miguel Gonzalez from Metabase Q’s Ocelot Team Ransomware-as-a-Service is on the rise worldwide, and Mexico has become a target. Just a few days after the group Avaddon announced the compromise of Loteria Nacional, Ocelot detected a second variant of the malware targeting another company in the same country. In this blog, we present the
Neshta and Avaddon groups teaming up to infect Mexican company Read More »
Subscribe to our mailing lists for the latest news, trends and events in cybersecurity.
