Researchers at Kaspersky Labs have uncovered a new, long-lived piece of espionage malware called Careto (Spanish for "Mask"). The software, which attacks Windows, Mac OS and GNU/Linux, has been running since at least 2007 and has successfully targeted at least 380 victims in 31 countries, gaining access via directed spear-phishing attacks, which included setting up fake sites to impersonate The Guardian. The Mask was thought to be the work of a government, and its targets were "government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists." It is possible that the Mask also targeted Android and Ios devices.
The authors appear to be native in the Spanish language which has been observed very rarely in APT attacks.
The campaign was active for at least five years until January 2014 (some Careto samples were compiled in 2007). During the course of Kaspersky Lab’s investigations, the command-and-control (C&C) servers were shut down.
We counted over 380 unique victims between 1000+ IPs. Infections have been observed in: Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom, United States and Venezuela.
The complexity and universality of the toolset used by the attackers makes this cyber-espionage operation very special. This includes leveraging high-end exploits, an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS). The Mask also used a customized attack against Kaspersky Lab’s products.
Among the attack’s vectors, at least one Adobe Flash Player exploit (CVE-2012-0773) was used. It was designed for Flash Player versions prior to 10.3 and 11.2. This exploit was originally discovered by VUPEN and was used in 2012 to escape the Google Chrome sandbox to win the CanSecWest Pwn2Own contest.
Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers
M. David Weisman, a magistrate judge in Illinois’s Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects’ Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock […]
For $170, Motherboard’s Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target’s phone (the software’s manufacturer sells passcode-defeating apps that help you do this); once it’s loaded, you activate it with an SMS and then you can covertly operate the phone’s mic, steal its photos, and […]
Some employees with the U.S. Department of Homeland Security who work in the Washington, D.C. area and in Philadelphia, PA were unable to access the DHS computer network on Tuesday, reports Reuters, citing “three sources familiar with the matter.”
Although there will never be a consensus about the best way to make coffee, any coffee connoisseur will agree that controlling the grind of your beans and balancing water temperature are the keys to a tasty cup. Since your plastic coffee pot doesn’t really allow for that kind of customization, going back to the French […]
Not all hackers are malicious information thieves—white-hat ethical hackers work with technology companies to ensure the security of their computer systems and user data. With all of today’s high-profile data breaches, ethical hackers are in considerable demand. To learn these critical skills and break into the high-paying cyber security field, try taking the courses in this […]
Making people aware of goods and services in the digital age requires an array of new strategies from social media and email to number-crunching tools like Google Analytics. To get a handle on the techniques used to capture attention and convert traffic into dollars in a crowded online environment, the Full-Stack Marketer Bundle offers 22 hours of training to get […]