ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > leetMX

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: leetMX

NamesleetMX (ClearSky)
CountryMexico Mexico
MotivationInformation theft and espionage
First seen2016
Description(ClearSky) leetMX is a widespread cyber-attack campaign originating from Mexico and focused on targets in Mexico, El Salvador, and other countries in Latin America, such as Guatemala, Argentina and Costa Rica. It has been operating since November 2016 at least. We are uncertain of its objectives but estimate it is criminally motivated.

leetMX infrastructure includes 27 hosts and domains used for malware delivery or for command and control. Hundreds of malware samples have been used, most are Remote Access Trojans and keyloggers.

Interestingly, the attackers camouflage one of their delivery domains by redirecting visitors to El Universal, a major Mexican newspaper.
ObservedCountries: Argentina, Costa Rica, El Salvador, Guatemala, Mexico, USA.
Tools used

Last change to this card: 29 April 2020

Download this actor card in PDF or JSON format

Previous: Leafminer, Raspite
Next: Leviathan, APT 40, TEMP.Periscope

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]