
'Mask' Malware Called 'Most Advanced' Cyber-espionage Operation

FILE - A man types on a computer keyboard.

Researchers at the Internet security firm Kaspersky Lab say they have uncovered what they’re calling “one of the most advanced global cyber-espionage operations to date.”

The malware is called “Careto,” which roughly means face or mask in Spanish. Since at least 2007, it has netted 380 unique victims in 31 countries, Kaspersky said.

Kaspersky called the Mask “an extremely sophisticated piece of malware,” which is very hard to detect.

The malware predominantly targets government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists, Kaspersky said.

Countries where Mask infections have been observed include several in Latin America, including Argentina, Bolivia, Brazil, Colombia, Costa Rica, Cuba, Guatemala, Mexico and Venezuela.

Additional countries included China, the United States, Turkey, Egypt, France, Germany, Belgium, Poland, South Africa, Spain, Switzerland, Tunisia and the United Kingdom.

Spanish language tie

Apart from the Mask’s duration and scope, it is of interest because the “authors appear to be native in the Spanish language which has been observed very rarely in APT (advanced persistent threat) attacks,” according to Kaspersky.

According to Christopher Burgess, CEO of Prevendra, Inc., an Internet security firm, “the Spanish-language market has not been a primary focus of the information security community at the enterprise/government or individual consumer level.”

“It is well known the Spanish banking software offerings are among the best, thus the targeting of the ingredients of the various countries’ economic backbones and foreign diplomacy of the region is most interesting,” he said.

Burgess said that the big question is who could pull this off.

Kaspersky offers one idea.

“Several reasons make us believe this could be a nation-state sponsored campaign,” said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab in a statement.

“First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack," he said.

"From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files," he said.

"These combine to put this APT ahead of Duqu (another malware) in terms of sophistication, making it one of the most advanced threats at the moment," he said. "This level of operational security is not normal for cyber-criminal groups.”

Dmitry Bestuzhev, head of Kaspersky’s research center for Latin America, has his own strong suspicions.

“We can certainly say it’s some Spanish speaking government,” he said in an email. “We say it’s a government because of the Careto complexity. The attackers invested a lot of science time and also money. This can be only a government.”

But Matthew Aid, an independent intelligence analyst, said he didn’t think it was a nation-state like China, Russia or the U.S.

“It sounds like something a group of hackers would do,” he said.

He said that the programming used in a lot of malware systems could be done by “some kids sitting at a terminal thinking how they can put malware out into the ether.”

“It’s not all that hard to do,” he said.

Taking off the 'Mask'

Kaspersky said they first became aware of the Mask last year when it tried “to exploit a vulnerability in the company’s products which was fixed five years ago.”

Infections occur through spear-phishing e-mails with links to a “malicious website.”

Spear-phishing emails appear to come from a trusted source. After infecting the computer, the malicious website sends the user to the real website referenced in the email.

Kaspersky said the Mask “can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch information from all Nokia devices, screen captures and monitor all file operations.”

Bestuzhev said the malware stole “secrets of the latest research done in the laboratories, diplomatic documents, government plans and documents in general.”

“It was also stealing private encryption keys and private encryption certificates used to cipher connections and locally stored data,” he said. “Additionally the attackers stole certificates used to sign PDF documents."

"It’s a very important point since now they can build malicious PDF files including exploits and when to sign them with a valid signature, so nobody would suspect it is something malicious which would allow to trespass many security filters,” he said.

Concerns about information

Aid said that he sometimes thinks Kaspersky can be “alarmist,” but that he liked that the company “goes places and looks under rocks” that other security firms don’t.

“They don’t give you the means by which you can make an independent assessment,” he said. “This is the sixth or seventh major storm they’ve raised, and then it disappears, and you sort of wonder has this malware disappeared or is it still out there in the ether?”

Kaspersky said that during the investigation into the Mask, the command and control servers, which were in Latin America, were shut down, meaning, at least temporarily, the malware can’t call home.

But Aid is quick to warn about the longevity of malware.

“When you insert something into the Internet, it never dies,” he said. “Once it’s on the Internet, it will never go away.”
