Researchers at Kaspersky Labs have uncovered a new, long-lived piece of espionage malware called Careto (Spanish for "Mask"). The software, which attacks Windows, Mac OS and GNU/Linux, has been running since at least 2007 and has successfully targeted at least 380 victims in 31 countries, gaining access via directed spear-phishing attacks, which included setting up fake sites to impersonate The Guardian. The Mask was thought to be the work of a government, and its targets were "government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists." It is possible that the Mask also targeted Android and Ios devices.
The authors appear to be native in the Spanish language which has been observed very rarely in APT attacks.
The campaign was active for at least five years until January 2014 (some Careto samples were compiled in 2007). During the course of Kaspersky Lab’s investigations, the command-and-control (C&C) servers were shut down.
We counted over 380 unique victims between 1000+ IPs. Infections have been observed in: Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom, United States and Venezuela.
The complexity and universality of the toolset used by the attackers makes this cyber-espionage operation very special. This includes leveraging high-end exploits, an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS). The Mask also used a customized attack against Kaspersky Lab’s products.
Among the attack’s vectors, at least one Adobe Flash Player exploit (CVE-2012-0773) was used. It was designed for Flash Player versions prior to 10.3 and 11.2. This exploit was originally discovered by VUPEN and was used in 2012 to escape the Google Chrome sandbox to win the CanSecWest Pwn2Own contest.
Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers
Ethan Zuckerman — formerly of Global Voices, now at the MIT Center for Civic Media — has spent his career trying to find thoughtful, effective ways to use technology as a lever to make positive social change (previously), but that means that he also spends a lot of time in the company of people making […]
Earlier this month, I gave the afternoon keynote at the Internet Archive’s Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies — and how we can prevent the same things from happening next time.
At this week’s O’Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN — a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees.
Experienced shutterbugs with DSLR cameras have boatloads of lens options for capturing the moment. Unfortunately, smartphone photographers often get stuck with their one crummy lens, which means limited zoom and focus for their final image.Step up your smartphone’s photographic power with the Acesori 5-Piece Smartphone Camera Lens Kit, now just $9.99 in the Boing Boing Store.Magnetic rings easily […]
Some truths are universal. For one, your phone will always run out of power when you most need it. For another, the charging cords that come packaged with your Apple device will fray, split, and rip faster than Usain Bolt in a game of tag.Instead, pick up a charging cord that anyone would have a tough […]
Some people say magic tricks are nerdy and best left to your 12-year-old asthmatic cousin. But others see value in perfecting the slight of hand and showmanship associated with a perfectly executed routine. We’re firmly in the latter camp. And now, we’re giving you the ability to put a few parlor tricks up your sleeve with the Penguin […]