Argentina, Brazil, Ecuador, Venezuela
2008–2015 — An extensive campaign of malware, phishing, and disinformation was active across South America. Its range and nature suggests a sponsor (or sponsors) with regional political interests. The campaign was named Packrat by analysts, who first noticed it as a wave of attacks in Ecuador in 2015 but later tracked its activities back to 2008. See the detailed analysis by the Munk School of Global Affairs at the University of Toronto.
February 2014 — Kaspersky Lab announced discovery and analysis of The Mask, a sophisticated spying operation running at least since 2007 using technique and code surpassing any nation-state spyware previously seen in the wild. It targeted government agencies, diplomatic offices and embassies, companies in the petrochemical and energy industries, and research organizations and activists. They found at least 380 victims in more than 24 countries, the majority in Morocco and Brazil. The very impressive software includes snippets in Spanish. The spear-phishing used for initial infection tricked victims into thinking they were viewing web pages from top newspapers in Spain plus the Guardian and the Washington Post. Kaspersky believes The Mask is a nation-state project because of its sophistication and because it uses an exploit they think Vupen sold to the attackers. Vupen is a French company that sells zero-day exploits to law enforcement and intelligence agencies. Wired and Ars Technica ran stories on The Mask.