Agriculture, banking, capital goods, commercial services, manufacturing, public sector, retail, and transportation companies across Mexico with annual revenues exceeding $100 million have been targeted with attacks deploying the AllaKore RAT malware to facilitate banking credential and authentication data exfiltration since late 2021, reports The Record, a news site by cybersecurity firm Recorded Future. Attackers who are believed to be linked to the financially motivated FIN13 hacking operation and originate from Latin America due to their utilization of Mexico Starlink IPs leveraged spear-phishing attacks using lures aimed at major Mexican enterprises to enable compromise with AllaKore RAT, which features keylogging, file uploading and downloading, screen capturing, and device hijacking capabilities despite its relative lack of sophistication, according to a BlackBerry report.

Source: SC Magazine