A study of Machete cyber espionage operations in Latin America

Wednesday 2 October 15:00 - 15:30, Green room

Veronica Valeros (Czech Technical University in Prague)
Maria Rigaki (Czech Technical University in Prague)
Kamila Babayeva (Czech Technical University in Prague)
Sebastian Garcia (Czech Technical University in Prague)



Reports on cyber espionage operations have been on the rise in the last decade. However, operations in Latin America are heavily under-researched and potentially underestimated. In this paper we analyse and dissect a cyber espionage tool known as Machete. The results presented in this work are based on the collection, reversing and analysis of Machete samples from 2013 to 2019. The large collection of samples allowed us to analyse changes in features and the malware's evolution, including the latest changes introduced in January 2019.

Our research shows that Machete is operated by a highly coordinated and organized group that focuses on Latin American targets. We describe the five phases of the APT operations from delivery to exfiltration of information and we show why Machete is considered a cyber espionage tool. Furthermore, our analysis indicates that the targeted victims belong to military, political or diplomatic sectors. The review of the almost six years of Machete operations shows that it is likely operated by a single group, and their activities are possibly state-sponsored. Machete is still active and operational to this day.

 


Veronica Valeros

Veronica is a researcher and intelligence analyst from Argentina. Her research has a strong focus on helping people and involves different areas from wireless and Bluetooth privacy issues to malware, botnets and intrusion analysis. She has presented her research at many international conferences such as BlackHat, EkoParty, Botconf and others. She is the co-founder of the MatesLab hackerspace based in Argentina, and co-founder of the Independent Fund for Women in Tech. She is currently the director of the CivilSphere project at the Czech Technical University, which is dedicated to protecting civil organizations and individuals from targeted attacks. In her free time she loves to lockpick, drive, and paint. 

@verovaleros

 


Maria Rigaki

Maria Rigaki is a researcher and Ph.D. student at Czech Technical University in Prague. Her research focus is in exploring the limits of machine learning applications in security both from an offensive and a defensive perspective. Before that she spent many years working as a software developer and systems architect. Her work spanned several domains including designing and developing solutions for telecommunications, physical security, emergency response systems and critical infrastructures.

@mrigaki

 


Kamila Babayeva

Kamila is a bachelor's student at the Czech Technical University in Prague. She is highly interested in understanding and analysing malware. She currently works as a junior malware reverser at CivilSphere, a project dedicated to protecting civil organizations and individuals from targeted attacks. She spends her free time learning and programming in Python.

@_kamifai_

 

Sebastian Garcia

Sebastian is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He created the Stratosphere IPS project, a machine-learning-based, free software IPS dedicated to protecting civil society. He likes to analyse network patterns and attacks with machine learning. As a researcher in the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has taught in several countries and universities and worked on penetration testing for both corporations and governments. He has been lucky enough to talk at industry events including Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, Virus Bulletin, BSides Vienna, HITB Singapore and CACIC. As a co-founder of the MatesLab hackspace he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.

@eldracote


