Machete: Dissecting the Operations of a Cyber Espionage Group in Latin America

Valeros, V., Rigaki, M., Garcia, S., 2019, June. Machete: Dissecting the Operations of a Cyber Espionage Group in Latin America. In First Workshop on Attackers and Cyber-Crime Operations (WACCO), 2019. Euro S&P workshops.

Abstract

Reports on cyber espionage operations have been on the rise in the last decade. However, operations in Latin America are heavily under-researched and potentially underestimated. In this paper, we analyze and dissect a cyber espionage tool known as Machete. Our research shows that Machete is operated by a highly coordinated and organized group that focuses on Latin American targets. We describe the five phases of the APT operations, from delivery to exfiltration of information, and we show why Machete is considered a cyber espionage tool. Furthermore, our analysis indicates that the targeted victims belong to military, political, or diplomatic sectors. The review of almost six years of Machete operations shows that it is likely operated by a single group, and their activities are possibly state-sponsored. Machete is still active and operational to this day.
