Since late 2021, companies across Mexico with annual revenues exceeding $100 million in the agriculture, banking, capital goods, commercial services, manufacturing, public sector, retail, and transportation sectors have been targeted with attacks that deploy the AllaKore RAT malware to facilitate the exfiltration of banking credentials and authentication data, reports The Record, a news site by cybersecurity firm Recorded Future.
According to a BlackBerry report, the attackers are believed to be linked to the financially motivated FIN13 hacking operation and to originate from Latin America, based on their use of Mexico Starlink IPs. They used spear-phishing with lures aimed at major Mexican enterprises to compromise targets with AllaKore RAT, which, despite its relative lack of sophistication, features keylogging, file uploading and downloading, screen capturing, and device hijacking capabilities.
"This threat actor has been persistently targeting Mexican entities for the purposes of financial gain. This activity has continued for over two years, and shows no signs of stopping," said researchers.