The targeted intrusion actor publicly known as Machete is one of the few that has demonstrated both strong technical capabilities and a sustained target scope of entities in Latin America. One of this actor's most notable tactics has been the consistent use of likely-legitimate, stolen government documents as decoy content to facilitate initial access efforts. While the threat actor has continued to employ this tactic throughout 2021, one incident in June revealed a new development: network infrastructure overlapping with an operation publishing sensitive information related to Ecuadorian political leaders online. This indicates that Machete's contemporary network compromise activities have likely supplemented information operations meant to influence domestic politics within Latin America since at least early 2019.
Using the June 2021 incident as a foundation, this talk will address that activity's distinct connections to a multi-year, likely ongoing information operation targeting the Ecuadorian government and civil society, with uniquely global impacts. This talk will conclude with a discussion on attribution—supported by the preceding analysis—to outline a case for Machete activities having a nexus to a South American government.