El Machete

🔴 High
Also known as: Machete, machete-apt, APT-C-43, G0095, Machete - APT-C-43

El Machete was first publicly disclosed and named by Kaspersky. We’ve found that this group has continued to operate successfully, predominantly in Latin America, since 2014. The attackers simply moved to new C2 infrastructure, based largely around dynamic DNS domains, and made minimal changes to the malware in order to evade signature-based detection.


Activities and Tactics

Targeted Sectors: Military, Government

Country of Origin: 🏳️ Unknown

Risk Level: High

Incident Type: Espionage

Suspected Victims: Venezuela, Russia, Cuba, China, Belgium, Ecuador, Brazil, Spain, Germany, France…

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Minimo

Attribution and Evidence

Country of Origin: Unknown

Additional attribution information pending cataloguing.

References

References pending cataloguing.