South American Hacker Group Targets Journalists And Dissidents | Hacked: Hacking Finance

South American Hacker Group Targets Journalists And Dissidents


Lester Coleman

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.


Bitcoin Giant Bitmain Enters the High Stakes AI Race 27th August, 2017

Three Country Exchange Traded Funds Offer Potential For Investors 27th August, 2017


South American Hacker Group Targets Journalists And Dissidents

Posted on .
This article was posted on Wednesday, 17:22, UTC.

A group of hackers believed to have sent malware to an Argentine prosecutor who died mysteriously this year has been targeting South American journalists and dissidents, according to the Citizen Lab, an Internet watchdog, the Associated Press reported. The Argentine prosecutor, Alberto Nisman, made international headlines when he died mysteriously while attempting to bring charges against the country’s president.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The scope of the hackers’ targets indicate state sponsorship, as do the targets themselves.

The hackers have launched dummy websites and have attacked Ecuadorean journalists and opposition figures with spyware. One dummy website targeting Venezuela carried news that reported questionable “scoops” alleging corruption among the governing socialists. In Ecuador, a dummy website was tailored to attract dissatisfied former police officers.

A Three-Month Investigation

Researchers conducted a three-month investigation after determining the spyware on Nisman’s smartphone was written to transmit pilfered data to the same command-and-control structure as the malware sent to Ecuadorean targets. Investigators said the hackers demonstrated a systemic and keen interest in the independent press and the political opposition in the three countries, all of which are led by left-wing governments.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Citizen LabThe hackers threatened a Citizen Lab researcher in September who investigated a U.S.-based machine that the group managed to infect. A message that appeared on the researcher’s computer screen threatened to “analyze your brain with a bullet – and your family’s too.” It said he should know that playing a spy has a cost “— your life.”

Morgan Marquis-Boire, one of the researchers, said the message displayed unusual behavior for professional hackers, indicating little fear of criminal prosecution.

The group tried to infect an Associated Press reporter’s computer with a phishing attack in order to steal a Google password in November.

The researchers were able to identify the group through intertwined Internet domains and email signatures sent to infect computers. The group has been active for seven years and has used hosting services in Brazil since 2008 at least, the researchers said.

Privacy Rules Impede Further Research

Identifying the source of the hacking may require court orders on account of the Internet hosting companies’ privacy rules.

Targets received an email from a dummy organization claiming to oppose Ecuador president Rafael Correa. Other targets received a message that was falsely signed by an opposition leader that claimed to reveal identities of persons investigated by Ecuador’s spy agency.

People who clicked on embedded links became infected with spyware that surreptitiously pulled information and sent it to the group’s servers.

Researchers referenced the servers as “Packrat.” The name Packrat was chosen since the hackers use commercial packages of remote access trojans that affect smartphones and computers. These enable hackers to capture text messages, emails and keystrokes. The software can also hijack webcams and microphones.

Researchers said the malware was packaged to evade anti-virus detection.

A Sophisticated Hacker Operation

John Scott-Railton, the lead Citizen Lab researcher at the University of Toronto’s Munk School for Global Affairs, said the operation is highly targeted. He said Packrat carefully chooses and relentlessly pursues its targets.hacker

The hackers used the same Internet domains for years even though there was some exposure in doing this, a technical convenience. Cybercriminals normally do not do this for fear of being caught by law enforcement.

The researchers found 35 types of booby-trapped files and used domains hosted by companies in the U.S., Uruguay, Sweden, Spain, France, Brazil and Argentina.

About two dozen “seeding” sites resided on servers owned by LLC, a U.S.-based web hosting company, for much of the past two years. GoDaddy-hosted domain names included,, and

Researchers alerted most of the providers Friday and asked that they shutter Packrat’s known infrastructure. Nick Fuller, a GoDaddy spokesperson, said GoDaddy acts immediately after identifying a problem website.

Packrat Targeted Nisman

The researchers started the investigation after determining that Packrat had targeted Nisman, who died mysteriously of a gunshot wound in January while attempting to bring charges against Argentina’s president.

Researchers said Packrat sent Jorge Lanata, an Argentine journalist, the same virus Nisman received a month prior to his death.

The virus was designed to communicate with the same Internet domains used to spy on Ecuadorean opposition figures who found Packrat malware in their emails using search scripts the researchers wrote.

Scott-Railton said the targets, most of which are in Ecuador, probably represent only a small portion of the group’s activity. He said he doubted that the Brazil-focused operations have stopped.

Packrat targeted Ecuadorean reporters, environmental activists and Crudo Ecuador, a satirist who mocked the president. It launched a website to mirror the Ecuador National Assembly’s email web interface, an attempt to gain lawmakers’ passwords and usernames, according to the researchers.

Also read: Iranian hackers target U.S. government officialsJournalist And Other Targets

Janet Hinostroza, a journalist who won a press freedom award in 2013 from the Committee to Protect Journalists, claimed she was hacked in January and in August, a month after she was accused by the interior minister of plotting to overthrow the government. She said she believed the hackers had access to her information.

Hinostroza said she cannot access data on her Apple iCloud since the hackers changed her security questions and her password.

Packrat targets in Ecuador also include Cesar Ricuarte, director of Fundamedios, a press freedom watchdog, and Martha Roldos, an environmental activist. Roldos received 34 malicious emails from Packrat, according to Citizen Lab.

One Packrat-created website, “,” attempted to attract Ecuadorean police officers who were dismissed following a 2010 revolt over benefits. The website, which has been removed, included an affiliated Twitter account.

The most elaborate website created by the group is one in Venezuela called, a compendium of opposition-friendly news that includes inaccurate “scoops” and plagiarized articles. The website, taken offline on Tuesday, provided no contact information but asked readers to enter their email addresses.

Images from Shutterstock and Facebook.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Lester Coleman

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

  • user

    AUTHOR Danny

    Posted on 4:33 am December 12, 2015.

    Are you looking for possible hacking solutions, do you want to check into your partner or wards social apps(FB, Whatsapp, Emails, Kik e.t.c). Erase unwanted files or clear bad records, then Contact: [email protected]………….. it is done in no time!!!!

  • View Comments (1) ...
    The team:
    Dmitriy Lavrov
    Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
    Jonas Borchgrevink
    Jonas Borchgrevink is the founder of and He is a serial entrepreneur, trader and investor. He shares his own personal journey on // -- Discuss and ask Read More
    Mate Csar
    Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
    Mati Greenspan
    Senior Market Analyst at // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
    Rakesh Upadhyay
    Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
    Pamela Meropiali
    Account Manager
    Pamela Meropiali is responsible for users on // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
    Joseph Young
    Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
    Toshiba Service Station, Dell System Detect, and Lenovo Solution Center…