Report reveals seven-year South American malware campaign

December 10, 2015 by Irene Poetranto, University of Toronto

A number of journalists, activists, politicians and public figures in Latin America have been targeted by a large-scale hacking campaign since 2008, according to a new report from the University of Toronto's Citizen Lab.

Researchers have named the malicious actor behind the as "Packrat," to highlight the attacker's preference for Remote Access Trojans (RATs) and for using the same domain names and servers over many years.

The report, written by Citizen Lab Senior Researchers John Scott-Railton, Morgan Marquis-Boire, and Claudio Guarnieri, in collaboration with researcher Marion Marschalek, highlights the threats that and civil society face from determined adversaries. The study began when Citizen Lab researchers began receiving evidence of malware attacks against public figures and journalists in Ecuador. Their analysis found that these attacks were linked to an unsuccessful malware attack against Alberto Nisman, a high-profile lawyer who was found dead in January 2015 just hours before he was due to release a report condemning the Argentine government.

Building from this discovery, the report uncovers Packrat's extensive activity in Argentina, Ecuador, Brazil, and Venezuela. Citizen Lab researchers, examining almost three dozen attacks, discovered that Packrat creates and maintains websites and social media accounts for fake opposition groups and news organizations, then uses them to distribute malware and conduct phishing attacks against journalists, political figures, activists, and politicians. The report also documents a fake login page used to target members of Ecuador's National Assembly.

The concludes that, while clear attribution to a particular sponsor is not possible, the information collected by Packrat likely makes its way to at least one government.  "This case is yet another example of the digital threats confronting civil society, and the role that academic research plays in shedding light on the problem," said Citizen Lab Director Ron Deibert.

Explore further: South America hacker team targets dissidents, journalists

More information: Packrat: Seven Years of a South American Threat Actor.

Related Stories

South America hacker team targets dissidents, journalists

December 9, 2015

A shadowy cyber-espionage group that sent malware to the prosecutor whose mysterious death transfixed Argentina early this year has been hitting targets in left-leaning nations across South America, the Internet watchdog ...

Italian surveillance company hacked, documents stolen

July 6, 2015

An Italian surveillance firm known for selling malicious software used by police bodies and spy agencies has succumbed to a cyberattack, the firm's spokesman said Monday, confirming an embarrassing breach which sent documents ...

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

Paleontologists report world's biggest Tyrannosaurus rex

March 22, 2019

University of Alberta paleontologists have just reported the world's biggest Tyrannosaurus rex and the largest dinosaur skeleton ever found in Canada. The 13-metre-long T. rex, nicknamed "Scotty," lived in prehistoric Saskatchewan ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.