“Machete” Cyberattack Strikes Venezuela (Aug 7, 2019)
The cyber-espionage campaign known as "Machete" has been observed stealing sensitive files from the Venezuelan military, according to researchers at ESET. While some compromised devices are located in Ecuador, Colombia, and Nicaragua, the primary focus is Venezuela: over half of the compromised computers in the campaign belong to the Venezuelan military. ESET researchers write that, as of May of this year, more than 50 computers were actively communicating with a threat-actor-controlled command and control server and exfiltrating gigabytes of data each week. The campaign's primary interest is Venezuelan military grids, positioning, and navigation routes. Accordingly, the Machete toolset steals not only common office documents but also files created with geographic information systems (GIS) software. Machete's operators use refined spearphishing techniques, targeting specific individuals whom the group has carefully researched. Although the actors' identities remain unknown, Machete has long been used in campaigns against Latin American countries and has been active since 2010.
Recommendation: The Machete campaign is highly targeted; it is therefore likely that the actors impersonate government officials or agencies in their spearphishing emails. All employees should be educated on the risk of opening attachments or following links received from unknown or unexpected senders, including messages that appear to come from a trusted organisation but arrive unexpectedly. Anti-spam and antivirus protection should be implemented and kept up to date to better ensure security.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.