El Machete is one of these threats that was first publicly disclosed and named by Kaspersky here. We’ve found that this group has continued to operate successfully, predominantly in Latin America, since 2014. All attackers simply moved to new C2 infrastructure, based largely around dynamic DNS domains, in addition to making minimal changes to the malware in order to evade signature-based detection.
Also known as
Machete, machete-apt, APT-C-43, G0095.
References
- attack.mitre.org
- securelist.com
- cylance.com
- cfr.org
- threatvector.cylance.com
- blog.360totalsecurity.com
Actor metadata imported from Malpedia (Fraunhofer FKIE).