ESET Research announces comprehensive report on Latin America’s threat landscape titled ‘Looking into TUT’s tomb: The universe of threats in LATAM’

ESET Research announced today the release of the report “Looking into TUT’s tomb: The universe of threats in LATAM,” which analyzes more than a dozen operations and various cybercriminal campaigns in Latin America. With evolving targeting strategies and techniques, these campaigns exhibit a high level of sophistication, specifically tailoring their approaches to exploit enterprise users, including government sectors. The predominant method of compromising victims is through phishing emails that deliver multiple malicious components.

In the paper, ESET Research looks back at various publicly documented campaigns targeting the LATAM region between 2019 and 2023; the vast majority of the detections surrounding these cybercriminal activities are in Latin America and are not associated with global crimeware. Since each of these operations has its own unique traits, and they don’t appear to be linked to a single threat actor, it’s highly likely that multiple actors are at play.

ESET analysis revealed a notable shift from simplistic, opportunistic crimeware to more complex threats. Notably, researchers have observed a transition in targeting, moving from a focus on the general public to high-profile users, including businesses and governmental entities. These threat actors continually update their tools, introducing different evasion techniques to increase the success of their campaigns. Furthermore, while the LATAM region contains the vast majority of victims, in some cases we have seen an expansion of these campaigns targeting countries outside the region, with the actors taking their crimeware business beyond Latin America and mirroring the pattern seen in banking trojans born in Brazil.

The precision and specificity observed in these attacks point to a high level of targeting, indicating that the threat actors have detailed knowledge about their intended victims. In these campaigns, attackers utilize malicious components like downloaders and droppers, mostly created in PowerShell and VBS. Regarding the tools used in these malicious operations in Latin America, ESET observations indicate a preference for remote access trojans.

For more technical information about “Operation King TUT: The universe of threats in LATAM,” read the blog post on WeLiveSecurity. 

Leave a Reply

%d bloggers like this: