Espionage malware may be state-sponsored, researchers say

Feb 10, 2014
Eugene Kaspersky, CEO of Kaspersky Lab, takes part in a conversation entitled "How Cyber-Weapons Impact Global IT Security" at the 2013 Government Cybersecurity Forum in Washington, DC on June 4, 2013

Security researchers said Monday they discovered cyber-espionage malware which has hit governments and companies in 31 countries and is likely state-sponsored.

Kaspersky Lab researchers said the Spanish-language malware known as "The Mask" or "Careto" has been used since at least 2007 and is unusually complex, with versions that may infect mobile phones and tablets, including those running Apple or Google operating systems.

The researchers said the authors, who appear to be Spanish speakers, may use the virus to steal sensitive documents as well as encryption keys.

The main targets appear to be government and diplomatic offices, energy companies, research organizations, private equity firms and political activists, according to a white paper from Kaspersky.

"For the victims, an infection with Careto can be disastrous," the security firm said in a statement.

"Careto intercepts all communication channels and collects the most vital information from the victim's machine. Detection is extremely difficult because of stealth rootkit capabilities, built-in functionalities and additional cyber-espionage modules."

Once a device is infected, the malware authors can intercept network traffic, keystrokes, Skype conversations and steal information from devices connected to the networks.

The researchers said in their report they detected "traces of Linux versions, and possibly versions for iPad/iPhone and Android, however we have not been able to retrieve the samples."

The malware was active from 2007 until last month, when the command servers were shut down during Kaspersky's investigation, the researchers said.

"Several reasons make us believe this could be a nation-state sponsored campaign," Kaspersky researcher Costin Raiu said.

Raiu said the authors showed a high degree of technical sophistication and have been able to hide their activities so far.

"This level of operational security is not normal for cyber-criminal groups," he said.

"The fact that the Careto attackers appear to be speaking the Spanish language is perhaps the most unusual feature," the research paper said.

"While most of the known attacks nowadays are filled with Chinese comments, languages such as German, French or Spanish appear very rarely in APT (advanced persistent threat) attacks."

The investigation found 380 victims in 31 countries, the most infected of which were Morocco, Brazil, Britain, Spain, France, Switzerland, Libya, the United States, Iran and Venezuela.
