Espionage malware may be state-sponsored, researchers say

February 10, 2014
Eugene Kaspersky, CEO of Kaspersky Lab, takes part in a conversation entitled "How Cyber-Weapons Impact Global IT Security" at the 2013 Government Cybersecurity Forum in Washington, DC on June 4, 2013

Security researchers said Monday they discovered cyber-espionage malware which has hit governments and companies in 31 countries and is likely state-sponsored.

Kaspersky Lab researchers said the Spanish-language malware known as "The Mask" or "Careto" has been used since at least 2007 and is unusually complex, with versions that may infect mobile phones and tablets, including those running Apple or Google operating systems.

The researchers said the authors, who appear to be Spanish speakers, may use the virus to steal sensitive documents as well as encryption keys.

The main targets appear to be government and diplomatic offices, energy companies, research organizations, private equity firms and political activists, according to a white paper from Kaspersky.

"For the victims, an infection with Careto can be disastrous," the security firm said in a statement.

"Careto intercepts all communication channels and collects the most vital information from the victim's machine. Detection is extremely difficult because of stealth rootkit capabilities, built-in functionalities and additional cyber-espionage modules."

Once a device is infected, the malware authors can intercept network traffic, keystrokes and Skype conversations, and steal information from devices connected to the networks.

The researchers said in their report they detected "traces of Linux versions, and possibly versions for iPad/iPhone and Android, however we have not been able to retrieve the samples."

The malware was active from 2007 until last month, when the command servers were shut down during Kaspersky's investigation, the researchers said.

"Several reasons make us believe this could be a nation-state sponsored campaign," Kaspersky researcher Costin Raiu said.

Raiu said the authors showed a high degree of technical sophistication and have been able to hide their activities so far.

"This level of operational security is not normal for cyber-criminal groups," he said.

"The fact that the Careto attackers appear to be speaking the Spanish language is perhaps the most unusual feature," the research paper said.

"While most of the known attacks nowadays are filled with Chinese comments, languages such as German, French or Spanish appear very rarely in APT (advanced persistent threat) attacks."

The investigation found 380 victims in 31 countries, the most infected of which were Morocco, Brazil, Britain, Spain, France, Switzerland, Libya, the United States, Iran and Venezuela.
