Kaspersky Lab uncovers "The Mask" used by the Attackers
Kaspersky Lab’s security research team has announced the discovery of “The Mask” (aka Careto), an advanced Spanish-speaking threat actor that has been involved in global cyber-espionage operations since at least 2007. The special toolset used by The Mask attackers includes sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions, and possibly versions for Android and iOS (iPad/iPhone).
Victims of this targeted attack have been found in 31 countries around the world – from the Middle East and Europe to Africa and the Americas.
Costin Raiu, Director of the Global Research and Analysis Team (GReAT), Kaspersky Lab, said, “Several reasons make us believe this could be a nation-state sponsored campaign. First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack. From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files. This level of operational security is not normal for cyber-criminal groups.”
Kaspersky Lab researchers initially became aware of Careto last year when they observed attempts to exploit a vulnerability in the company’s products that was fixed five years ago. The exploit gave the malware the ability to avoid detection. This raised their interest, and that is how the investigation started.
For the victims, an infection with Careto can be disastrous. Careto intercepts all communication channels and collects the most vital information from the victim’s machine. According to Kaspersky Lab’s analysis report, “The Mask” campaign relies on spear-phishing e-mails with links to a malicious website.