
    'Mask' Malware Called 'Most Advanced' Cyber-espionage Operation

    FILE - A man types on a computer keyboard.

    Researchers at the Internet security firm Kaspersky Lab say they have uncovered what they’re calling “one of the most advanced global cyber-espionage operations to date.”

    The malware is called “Careto,” which roughly means face or mask in Spanish. Since at least 2007, it has netted 380 unique victims in 31 countries, Kaspersky said.

    Kaspersky called the Mask “an extremely sophisticated piece of malware,” which is very hard to detect.

    The malware predominantly targets government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists, Kaspersky said.

    Countries where Mask infections have been observed include several in Latin America, including Argentina, Bolivia, Brazil, Colombia, Costa Rica, Cuba, Guatemala, Mexico and Venezuela.

    Additional countries included China, the United States, Turkey, Egypt, France, Germany, Belgium, Poland, South Africa, Spain, Switzerland, Tunisia and the United Kingdom.

    Spanish language tie

    Apart from the Mask’s duration and scope, it is of interest because the “authors appear to be native in the Spanish language which has been observed very rarely in APT (advanced persistent threat) attacks,” according to Kaspersky.

    According to Christopher Burgess, CEO of Prevendra, Inc., an Internet security firm, “the Spanish-language market has not been a primary focus of the information security community at the enterprise/government or individual consumer level.”

    “It is well known the Spanish banking software offerings are among the best, thus the targeting of the ingredients of the various countries’ economic backbones and foreign diplomacy of the region is most interesting,” he said.

    Burgess said that the big question is who could pull this off.

    Kaspersky offers one idea.

    “Several reasons make us believe this could be a nation-state sponsored campaign,” said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab, in a statement.

    “First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack,” he said.

    “From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files,” he said.

    “These combine to put this APT ahead of Duqu (another malware) in terms of sophistication, making it one of the most advanced threats at the moment,” he said. “This level of operational security is not normal for cyber-criminal groups.”

    Dmitry Bestuzhev, head of Kaspersky’s research center for Latin America, has his own strong suspicions.

    “We can certainly say it’s some Spanish speaking government,” he said in an email. “We say it’s a government because of the Careto complexity. The attackers invested a lot of science time and also money. This can be only a government.”

    But Matthew Aid, an independent intelligence analyst, said he didn’t think it was a nation-state like China, Russia or the U.S.

    “It sounds like something a group of hackers would do,” he said.

    He said that the programming used in a lot of malware systems could be done by “some kids sitting at a terminal thinking how they can put malware out into the ether.”

    “It’s not all that hard to do,” he said.

    Taking off the 'Mask'

    Kaspersky said they first became aware of the Mask last year when it tried “to exploit a vulnerability in the company’s products which was fixed five years ago.”

    Infections occur through spear-phishing e-mails with links to a “malicious website.”

    Spear-phishing emails appear to come from a trusted source. After infecting the computer, the malicious website sends the user to the real website referenced in the email.

    Kaspersky said the Mask “can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch information from all Nokia devices, screen captures and monitor all file operations.”

    Bestuzhev said the malware stole “secrets of the latest research done in the laboratories, diplomatic documents, government plans and documents in general.”

    “It was also stealing private encryption keys and private encryption certificates used to cipher connections and locally stored data,” he said. “Additionally the attackers stole certificates used to sign PDF documents.”

    "It’s a very important point since now they can build malicious PDF files including exploits and when to sign them with a valid signature, so nobody would suspect it is something malicious which would allow to trespass many security filters,” he said.

    Concerns about information

    Aid said that he sometimes thinks Kaspersky can be “alarmist,” but that he liked that the company “goes places and looks under rocks” that other security firms don’t.

    “They don’t give you the means by which you can make an independent assessment,” he said. “This is the sixth or seventh major storm they’ve raised, and then it disappears, and you sort of wonder has this malware disappeared or is it still out there in the ether?”

    Kaspersky said that during the investigation into the Mask, the command and control servers, which were in Latin America, were shut down, meaning, at least temporarily, the malware can’t call home.

    But Aid is quick to warn about the longevity of malware.

    “When you insert something into the Internet, it never dies,” he said. “Once it’s on the Internet, it will never go away.”
