Ron Deibert, Masashi Crete-Nishihata, Adam Senft, Irene Poetranto, Jakub Dalek and Sarah McKune of the Citizen Lab for helpful feedback and editing assistance.
Kevin Breen for helping with the analysis of CyberGate RAT samples.
PassiveTotal and Brandon Dixon.
Steven Adair/ Volexity.
Cisco's AMP Threat Grid Team for data correlation.
Other researchers and investigators who wished to remain anonymous but provided exceptionally helpful assistance, especially PFlash.This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have
shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes
