'Mask' Malware Called 'Most Advanced' Cyber-espionage Operation

FILE - A man types on a computer keyboard.

Researchers at the Internet security firm Kaspersky Lab say they have uncovered what they’re calling “one of the most advanced global cyber-espionage operations to date.”

The malware is called “Careto,” which roughly means face or mask in Spanish. Since at least 2007, it has netted 380 unique victims in 31 countries, Kaspersky said.

Kaspersky called the Mask “an extremely sophisticated piece of malware,” which is very hard to detect.

The malware predominantly targets government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists, Kaspersky said.

Countries where Mask infections have been observed include several in Latin America, including Argentina, Bolivia, Brazil, Colombia, Costa Rica, Cuba, Guatemala, Mexico and Venezuela.

Additional countries included China, the United States, Turkey, Egypt, France, Germany, Belgium, Poland, South Africa, Spain, Switzerland, Tunisia and the United Kingdom.

Spanish language tie

Apart from the Mask’s duration and scope, it is of interest because the “authors appear to be native in the Spanish language which has been observed very rarely in APT (advanced persistent threat) attacks,” according to Kaspersky.

According to Christopher Burgess, CEO of Prevendra, Inc., an Internet security firm, “the Spanish-language market has not been a primary focus of the information security community at the enterprise/government or individual consumer level.”

“It is well known the Spanish banking software offerings are among the best, thus the targeting of the ingredients of the various countries’ economic backbones and foreign diplomacy of the region is most interesting,” he said.

Burgess said the big question is who could pull this off.

Kaspersky offers one idea.

“Several reasons make us believe this could be a nation-state sponsored campaign,” said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab, in a statement.

“First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack," he said.

"From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files," he said.

"These combine to put this APT ahead of Duqu (another malware) in terms of sophistication, making it one of the most advanced threats at the moment," he said. "This level of operational security is not normal for cyber-criminal groups.”

Dmitry Bestuzhev, head of Kaspersky’s research center for Latin America, has his own strong suspicions.

“We can certainly say it’s some Spanish speaking government,” he said in an email. “We say it’s a government because of the Careto complexity. The attackers invested a lot of science time and also money. This can be only a government.”

But Matthew Aid, an independent intelligence analyst, said he didn’t think it was a nation-state like China, Russia or the U.S.

“It sounds like something a group of hackers would do,” he said.

He said that the programming used in a lot of malware systems could be done by “some kids sitting at a terminal thinking how they can put malware out into the ether.”

“It’s not all that hard to do,” he said.

Taking off the 'Mask'

Kaspersky said they first became aware of the Mask last year when it tried “to exploit a vulnerability in the company’s products which was fixed five years ago.”

Infections occur through spear-phishing e-mails with links to a “malicious website.”

Spear-phishing emails appear to come from a trusted source. After infecting the computer, the malicious website sends the user to the real website referenced in the email.

Kaspersky said the Mask “can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch information from all Nokia devices, screen captures and monitor all file operations.”

Bestuzhev said the malware stole “secrets of the latest research done in the laboratories, diplomatic documents, government plans and documents in general.”

“It was also stealing private encryption keys and private encryption certificates used to cipher connections and locally stored data,” he said. “Additionally the attackers stole certificates used to sign PDF documents.”

"It’s a very important point since now they can build malicious PDF files including exploits and when to sign them with a valid signature, so nobody would suspect it is something malicious which would allow to trespass many security filters,” he said.

Concerns about information

Aid said that he sometimes thinks Kaspersky can be “alarmist,” but that he liked that the company “goes places and looks under rocks” that other security firms don’t.

“They don’t give you the means by which you can make an independent assessment,” he said. “This is the sixth or seventh major storm they’ve raised, and then it disappears, and you sort of wonder has this malware disappeared or is it still out there in the ether?”

Kaspersky said that during the investigation into the Mask, the command and control servers, which were in Latin America, were shut down, meaning, at least temporarily, the malware can’t call home.

But Aid is quick to warn about the longevity of malware.

“When you insert something into the Internet, it never dies,” he said. “Once it’s on the Internet, it will never go away.”
