leetMX

Description

(ClearSky) leetMX is a widespread cyber-attack campaign originating from Mexico and focused on targets in Mexico, El Salvador, and other countries in Latin America, such as Guatemala, Argentina and Costa Rica. It has been operating since at least November 2016. We are uncertain of its objectives but estimate it is criminally motivated.

leetMX infrastructure includes 27 hosts and domains used for malware delivery or for command and control. Hundreds of malware samples have been used, most of them Remote Access Trojans and keyloggers.

Interestingly, the attackers camouflage one of their delivery domains by redirecting visitors to El Universal, a major Mexican newspaper.

Names

Name      Name-Giver
leetMX    ClearSky

Country

Motivation

  • Information theft and espionage

First Seen

2016

Observed Countries

Information

Other Information

Uuid

e8fab0e1-c3e1-4d53-bcf7-614c18ca665c

Last Card Change

2020-04-29