- ESET researchers announced their latest report on Operation King TUT (The Universe of Threats) in Latin America, where they analyzed more than a dozen operations and cybercriminal campaigns between 2019 and 2023.
- The campaigns exhibit a high level of sophistication, specifically tailoring their approach to enterprise users and governments.
- The primary method used to target potential victims is via phishing emails; both the precision and specificity observed in these attacks point to a high level of targeting.
BRATISLAVA, BUENOS AIRES — October 17, 2023 — ESET Research announced today the release of the report “Looking into TUT’s tomb: The universe of threats in LATAM,” which analyzes more than a dozen operations and various cybercriminal campaigns in Latin America. With evolving targeting strategies and techniques, these campaigns exhibit a high level of sophistication, specifically tailoring their approaches to exploit enterprise users, including government sectors. The predominant method of compromising victims is through phishing emails that deliver multiple malicious components.
“Much like the life and mysterious demise of the ancient Egyptian pharaoh Tutankhamun, also known as King Tut, the threat landscape in Latin America remains shrouded in mystery. This is primarily due to limited global attention on evolving malicious campaigns within the region,” says ESET researcher Camilo Gutierrez, based in Buenos Aires, Argentina, who investigated the malicious campaigns. “With parallels to how archaeological excavations of King Tut’s tomb shed light on ancient Egyptian life, we embarked on a journey to delve into less-publicized cyberthreats affecting Latin American countries. Our initiative, named Operation King TUT (The Universe of Threats), sought to explore this significant threat landscape.”
In the paper, ESET Research looks back at various publicly documented campaigns targeting the LATAM region between 2019 and 2023; the vast majority of the detections surrounding these cybercriminal activities are in Latin America and are not associated with global crimeware. Since each of these operations has its own unique traits, and they don’t appear to be linked to a single threat actor, it’s highly likely that multiple actors are at play.
ESET analysis revealed a notable shift from simplistic, opportunistic crimeware to more complex threats. Notably, researchers have observed a transition in targeting, moving from a focus on the general public to high-profile users, including businesses and governmental entities. These threat actors continually update their tools, introducing different evasion techniques to increase the success of their campaigns. Furthermore, while the LATAM region contains the vast majority of victims, in some cases we have seen an expansion of these campaigns targeting countries outside the region, with the actors taking their crimeware business beyond Latin America and mirroring the pattern seen in banking trojans born in Brazil.
“Our comparison also shows that the majority of malicious campaigns seen in the region are directed at enterprise users, including government sectors, by primarily employing spearphishing emails to reach potential victims. Attackers often masquerade as recognized organizations within specific countries in the region, particularly government or tax entities,” says Gutierrez.
The precision and specificity observed in these attacks point to a high level of targeting, indicating that the threat actors have detailed knowledge about their intended victims. In these campaigns, attackers utilize malicious components like downloaders and droppers, mostly created in PowerShell and VBS. Regarding the tools used in these malicious operations in Latin America, ESET observations indicate a preference for remote access trojans.
For more technical information about “Operation King TUT: The universe of threats in LATAM,” read the blog post on WeLiveSecurity. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.
Described cybercriminal activities were detected exclusively in LATAM countries
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.
