Researchers at Kaspersky Labs have uncovered a new, long-lived piece of espionage malware called Careto (Spanish for "Mask"). The software, which attacks Windows, Mac OS and GNU/Linux, has been running since at least 2007 and has successfully targeted at least 380 victims in 31 countries, gaining access via directed spear-phishing attacks, which included setting up fake sites to impersonate The Guardian. The Mask was thought to be the work of a government, and its targets were "government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists." It is possible that the Mask also targeted Android and Ios devices.
The authors appear to be native in the Spanish language which has been observed very rarely in APT attacks.
The campaign was active for at least five years until January 2014 (some Careto samples were compiled in 2007). During the course of Kaspersky Lab’s investigations, the command-and-control (C&C) servers were shut down.
We counted over 380 unique victims between 1000+ IPs. Infections have been observed in: Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom, United States and Venezuela.
The complexity and universality of the toolset used by the attackers makes this cyber-espionage operation very special. This includes leveraging high-end exploits, an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS). The Mask also used a customized attack against Kaspersky Lab’s products.
Among the attack’s vectors, at least one Adobe Flash Player exploit (CVE-2012-0773) was used. It was designed for Flash Player versions prior to 10.3 and 11.2. This exploit was originally discovered by VUPEN and was used in 2012 to escape the Google Chrome sandbox to win the CanSecWest Pwn2Own contest.
Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers
A long time ago, Veronica Belmont was featured in a blooper reel for her old TV show in which she clowned around with a Cthulhu t-shirt, wiggling back and forth and saying “So lifelike.” A creepy Internet person turned the moment into a GIF that has followed her around ever since, so that other creepy […]
Last February, Lenovo shocked its security-conscious customers by pre-installing its own, self-signed root certificates on the machines it sold. These certificates, provided by a spyware advertising company called Superfish, made it possible for attackers create “secure” connections to undetectable fake versions of banking sites, corporate intranets, webmail providers, etc.
Carrying this EDC card is like slinging around a handheld toolbox wherever you go. Its minimal design is small enough to fit in your wallet’s billfold, and it’s TSA-compliant so you’ll never leave it behind. It’s got hex wrenches, metric and imperial rulers, flathead and Phillip’s screwdrivers, and a bottle opener so that you’re ready […]
Today only take an additional 15% off the below drones today using coupon code: DRONE15 at checkoutThe Code Black is our top-selling drone of all time—and for good reason. This powerful, palm-size drone is not only insanely fun to fly, but can capture some serious video footage from up above. With a flight time of […]
Why interrupt your post-Thanksgiving turkey bliss to wait in an epic line, when the best deal of the season is a click away? We’re treating you Mac enthusiasts to the ultimate Black Friday bundle, packed with apps to give your machine a mega boost in the right direction. From Drive Genius to AfterShot Pro to […]