A financially motivated cybercriminal group known as Greedy Sponge has been actively targeting organizations across Mexico using customized versions of the AllaKore remote access trojan (RAT). Their goal is to steal financial data to commit fraud. By delivering the malware through convincing phishing campaigns, often disguised as policy updates or business-related files, they trick victims into installing malicious software. Once inside, the attackers not only steal valuable data but also deploy SystemBC as secondary malware. Over time, the group has fine-tuned its tactics, improved its targeting of Mexican companies, and enhanced its evasion techniques. Their continued evolution and deliberate focus on the region underscore a persistent and growing threat to organizations in Mexico.