
El Machete

5 aliases
Last seen: Mar 17, 2026

Intelligence Profile

El Machete is one of these threats that was first publicly disclosed and named by Kaspersky. We’ve found that this group has continued to operate successfully, predominantly in Latin America, since 2014. All attackers simply moved to new C2 infrastructure, based largely around dynamic DNS domains, in addition to making minimal changes to the malware in order to evade signature-based detection.

Threat Analysis

El Machete is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Quick Facts

Type: APT / Threat Group
Motivation: 🕵️ espionage
Aliases: 5
Source: Malpedia

Also Known As

machete-apt, El Machete, Machete, APT-C-43, G0095

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.