Home > List all groups > leetMX

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: leetMX

NamesleetMX (ClearSky)
CountryMexico Mexico
MotivationInformation theft and espionage
First seen2016
Description(ClearSky) leetMX is a widespread cyber-attack campaign originating from Mexico and focused on targets in Mexico, El Salvador, and other countries in Latin America, such as Guatemala, Argentina and Costa Rica. It has been operating since November 2016 at least. We are uncertain of its objectives but estimate it is criminally motivated.

leetMX infrastructure includes 27 hosts and domains used for malware delivery or for command and control. Hundreds of malware samples have been used, most are Remote Access Trojans and keyloggers.

Interestingly, the attackers camouflage one of their delivery domains by redirecting visitors to El Universal, a major Mexican newspaper.
ObservedCountries: Argentina, Costa Rica, El Salvador, Guatemala, Mexico, USA.
Tools used

Last change to this card: 28 April 2020

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key