
Packrat

Posted: May 19, 2020

Packrat is a group of threat actors whose activity peaked in 2015; they were involved in several large-scale attack campaigns against countries in Latin America. The hackers engaged in espionage, phishing, and data theft attacks that primarily affected victims in Brazil, Venezuela, Argentina and Ecuador. The group's attack campaigns are very elaborate: they have set up entire fake organizations and identities to execute flawless social engineering operations that aim to mislead their victims into thinking that they are interacting with a trustworthy and legitimate entity or individual. The name Packrat is derived from the fact that the hackers focus on Remote Access Trojans (RATs), and the threats they use usually fall into the so-called category of 'commodity malware.' This means that they do not rely on custom-built tools and instead rent or purchase RATs from malware developers.

The Packrat Hackers may be Nation-Backed

Packrat's targets hint that this group might be state-sponsored: they go after journalists, news organizations, political figures and companies with an international presence. To deliver a payload to their targets, the group often relied on phishing attacks that were executed with the help of fake identities, companies, or websites that had a legitimate-looking background. In some of their campaigns, they also delivered corrupted links via SMS messages.

Some of the commodity RATs that the Packrat hackers used frequently are CyberGate, Alien Spy, XtremeRAT and Adzok. In addition to using malware implants, the group also set up elaborate phishing pages that were used to collect credentials for various platforms such as Google, Twitter, Facebook and various messaging services. On top of this, the Packrat hackers have set up fake news websites that were not used to deliver malware and instead focused on spreading disinformation. The scale of this attack and the various techniques that the hackers use strongly indicate that these attacks are very likely to be state-sponsored.

Packrat's Elaborate Attack Campaigns may Involve Dozens of Social Engineering Experts

Another reason to suspect that the Packrat campaign might be backed by an unidentified state actor is that its operation is likely to have cost hundreds of thousands of dollars. The hackers have successfully maintained a very secure and operational network infrastructure, which worked continuously for over seven years. Furthermore, the amount of effort put into generating fake content, identities, and companies is likely to mean that dozens of people were involved in the social engineering aspect of the attacks.
