Threat Actor Profile
Description
Machete is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has primarily focused its operations within Latin America, with a particular emphasis on Venezuela, but also in the US, Europe, Russia, and parts of Asia. Machete generally targets high-profile organizations such as government institutions, intelligence services, and military units, as well as telecommunications and power companies.(Citation: Cylance Machete Mar 2017)(Citation: Securelist Machete Aug 2014)(Citation: ESET Machete July 2019)(Citation: 360 Machete Sep 2020)
Confidence Score
Known Aliases
Tags
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
MITRE ATT&CK Techniques (11)
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'aliases': ['Machete', 'APT-C-43', 'El Machete'],
'created': '2019-09-13T12:37:10.394Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '[Machete](https://attack.mitre.org/groups/G0095) is a '
'suspected Spanish-speaking cyber espionage group that has '
'been active since at least 2010. It has primarily focused its '
'operations within Latin America, with a particular emphasis '
'on Venezuela, but also in the US, Europe, Russia, and parts '
'of Asia. [Machete](https://attack.mitre.org/groups/G0095) '
'generally targets high-profile organizations such as '
'government institutions, intelligence services, and military '
'units, as well as telecommunications and power '
'companies.(Citation: Cylance Machete Mar 2017)(Citation: '
'Securelist Machete Aug 2014)(Citation: ESET Machete July '
'2019)(Citation: 360 Machete Sep 2020)',
'external_references': [{'external_id': 'G0095',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G0095'},
{'description': '(Citation: Securelist Machete Aug '
'2014)(Citation: ESET Machete July '
'2019)(',
'source_name': 'Machete'},
{'description': '(Citation: 360 Machete Sep 2020)',
'source_name': 'APT-C-43'},
{'description': '(Citation: Cylance Machete Mar 2017)',
'source_name': 'El Machete'},
{'description': 'The Cylance Threat Research Team. '
"(2017, March 22). El Machete's "
'Malware Attacks Cut Through LATAM. '
'Retrieved September 13, 2019.',
'source_name': 'Cylance Machete Mar 2017',
'url': 'https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html'},
{'description': 'Kaspersky Global Research and '
'Analysis Team. (2014, August 20). El '
'Machete. Retrieved September 13, '
'2019.',
'source_name': 'Securelist Machete Aug 2014',
'url': 'https://securelist.com/el-machete/66108/'},
{'description': 'ESET. (2019, July). MACHETE JUST GOT '
'SHARPER Venezuelan government '
'institutions under attack. Retrieved '
'September 13, 2019.',
'source_name': 'ESET Machete July 2019',
'url': 'https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf'},
{'description': 'kate. (2020, September 25). APT-C-43 '
'steals Venezuelan military secrets '
'to provide intelligence support for '
'the reactionaries — HpReact '
'campaign. Retrieved November 20, '
'2020.',
'source_name': '360 Machete Sep 2020',
'url': 'https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/'}],
'id': 'intrusion-set--38863958-a201-4ce1-9dbe-539b0b6804e0',
'modified': '2025-04-25T14:49:22.323Z',
'name': 'Machete',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'spec_version': '2.1',
'type': 'intrusion-set',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Matias Nicolas Porolli, ESET'],
'x_mitre_deprecated': False,
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_version': '2.0'}