People using a laptop, in a file photo. EFE / Sascha Steinbach
According to the results of Operation Discordia, an investigation carried out by ESET, a computer research laboratory specializing in the development of cyber security software, Colombia accounted for 96% of all attacks detected between the second week of February and March 30, 2022 in a campaign that uses the Discord messaging platform to distribute malware, also known as viruses.
This type of cyber threat targets Colombian NGOs and state entities. The attacks are not carried out massively either; they are targeted, meaning these cybercriminals had previously determined who their victims would be.
The main purpose of these cyber attacks is to steal information, manipulate files and keep the infected computers connected to the attackers' servers in order to continue extracting information over a longer period of time.
According to Miguel Angel Mendoza, computer security specialist at ESET Laboratory, although these recent hacks may be related to the political situation in the country, attacks on Colombian organizations have been reported in the past.
In light of the above, ESET had already conducted two cyber security operations, in 2019 and 2021, named Machete and Bandidos respectively, and the results of both investigations already pointed to Colombia as the main target of these cyber espionage campaigns against government institutions.
These threats managed to infect the computers of these organizations through emails sent to employees, claiming to contain an alleged requirement from the prosecutor's office under the oral criminal justice system, delivered as a compressed file to be downloaded.
Once it had caught the person's attention, a password was requested to open the document; that password, however, was given in the same email. Then, a virus known as "njRAT", a Remote Access Trojan, allowed the attacker to control the computer: send files, take screenshots, and activate and deactivate cameras.
In addition to the functions already mentioned, over which the attacker had remote control, he was also able to record which keys were pressed while the device was in use, in order to steal passwords, a practice known as keylogging.
The attackers used the public and legitimate messaging service Discord as the platform for hosting the first malware or virus. From there, it downloaded a second malware written in PowerShell, which is software used to automate administrative tasks on Windows operating systems.
This second malware reconnected to Discord to download a third piece of malware, the Trojan, which infects the device and gives the attacker remote access to the compromised computers.
Operation Discordia also collected information on how these groups dedicated to cyber espionage against state and non-governmental institutions operate: as a first step, they thoroughly investigate their potential victims, then plan how to proceed, execute the attack and, finally, extract data of interest, which also includes sensitive information about citizens.
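One way a defender can look for the staging pattern described above in endpoint web-access logs, as an added example that is not ESET's code or tooling: it flags a PowerShell process fetching a Discord attachment shortly after another Discord attachment download on the same host. The log format, process names and URLs are constructed for the demo, and the `cdn.discordapp.com/attachments/` path is assumed to be where the stages are hosted.

```python
import re
from datetime import datetime

# Constructed sample of per-host web-access records: "timestamp|process|url".
# Hosts, paths and file names are invented; only the shape of the chain
# (archive -> PowerShell fetching from Discord -> third stage) follows the article.
SAMPLE_LOG = """\
2022-03-15T09:01:10|outlook.exe|https://mail.example.invalid/inbox
2022-03-15T09:02:44|winrar.exe|https://cdn.discordapp.com/attachments/111/222/requerimiento.zip
2022-03-15T09:03:01|powershell.exe|https://cdn.discordapp.com/attachments/111/333/stage2.ps1
2022-03-15T09:03:20|powershell.exe|https://cdn.discordapp.com/attachments/111/444/stage3.bin
2022-03-15T09:10:00|chrome.exe|https://www.example.invalid/news
"""

# Assumption: Discord-hosted payloads are served from the attachments CDN path.
DISCORD_ATTACHMENT = re.compile(r"^https://cdn\.discordapp\.com/attachments/", re.I)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}


def parse_log(log_text):
    """Parse 'timestamp|process|url' lines into (datetime, process, url) tuples."""
    rows = []
    for line in log_text.strip().splitlines():
        ts, proc, url = line.split("|", 2)
        rows.append((datetime.fromisoformat(ts), proc.lower(), url))
    return sorted(rows)


def find_discord_staging(log_text, window_seconds=600):
    """Return (earlier_discord_url, powershell_discord_url) pairs where PowerShell
    downloaded a Discord attachment within `window_seconds` of an earlier Discord
    attachment download by any process. A lone PowerShell fetch from Discord is
    already unusual on a workstation; the preceding download raises confidence."""
    rows = parse_log(log_text)
    hits = []
    for i, (ts, proc, url) in enumerate(rows):
        if proc not in SCRIPT_HOSTS or not DISCORD_ATTACHMENT.match(url):
            continue
        for prev_ts, _prev_proc, prev_url in rows[:i]:
            age = (ts - prev_ts).total_seconds()
            if DISCORD_ATTACHMENT.match(prev_url) and 0 <= age <= window_seconds:
                hits.append((prev_url, url))
                break  # one alert per PowerShell fetch is enough
    return hits


if __name__ == "__main__":
    for first, second in find_discord_staging(SAMPLE_LOG):
        print(f"staged Discord download: {first} -> PowerShell fetched {second}")
```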