Phishing Campaign Targets Major Mexican Banks
By Tomás Lujambio | Journalist & Industry Analyst - Wed, 08/23/2023 - 14:28
Cybersecurity company Perception Point recently identified a successful phishing campaign targeting five major Mexican banks. Dubbed "Manipulated Caiman," this hacking group breached the banking accounts of about 4,000 individuals in Mexico, aiming to steal confidential data and potentially obtain financial gains. Phishing scams remain predominant in the country, with 53% of Mexican organizations reporting at least one effective phishing attempt in the past year, according to Infoblox.
“The significant digitization of banking services in recent years and the increase in sophistication and intensity, both in quantity and volume, of cybercrime, may be two of the factors contributing to the growth of these illegal activities in the region,” Claudio Baumann, Director, Akamai, told MBN.
The attackers initiated the scheme by sending emails that falsely claimed to deliver digital fiscal receipts (CFDIs). These emails contained compromised ZIP files that appeared to house a PDF and an XML file. Upon opening these ZIP files, victims encountered a request to another URL, and if the response originated from a Mexican IP address, the code activated malicious software automatically. In contrast, responses from foreign IP addresses triggered a geofencing measure that redirected the user to different websites and stopped the malicious code from executing.
Despite their occasional missteps, Manipulated Caiman and similar organizations possess a formidable capability to compromise third-party systems and cause substantial disruptions. In fact, upon gaining access to Manipulated Caiman's servers, Perception Point estimated potential earnings of US$55 million based on the victims' account balances at the time of infection.
“I think one of the advantages these individuals have is that, in the end, these crimes aren't pursued as vigorously. As long as they can keep stealing money without getting caught, it enables them to invest in the best infrastructure or personnel to continue their operations,” says Hiram Camarillo, Executive Director, Seekurity.
Consequently, it comes as no surprise that phishing scams and identity theft remain the prevailing cyberattack techniques employed by these malicious actors. Furthermore, this major phishing campaign underscores a broader trend of cyberattacks targeting banking institutions in the Latin American region.
In light of this breach, the implementation of cybersecurity legislation that pursues and prosecutes these kinds of crimes becomes imperative. Meanwhile, organizations and government bodies have to take proactive countermeasures to reinforce their security postures as cybersecurity attacks continue to evolve and proliferate.









