Kaspersky Lab researchers recently released a paper which revealed a five year “cyber espionage operation that used highly sophisticated multi-platform malware” to compromise hundreds of “government and private organizations in more than 30 countries“, according to an article published by PC World. This operation – which Kaspersky has referred to as “The Mask” (English translation for the Spanish word Careto) in their report, went on “undetected“, according to PC World.
The article quotes the Kaspersky researchers to have written in the report, “When active in a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyze WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations.” The article continues to quote the researchers by saying, “The malware collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP [remote desktop protocol] files. There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government-level encryption tools.”
The article indicates – per findings by Kaspersky – that “servers used by the attackers revealed more than 380 unique victims from 31 countries.” According to the article, Kaspersky has found that the Mask operation’s primary targets were “government institutions; embassies and other diplomatic missions; energy, oil and gas companies; research institutions; private equity firms and activists.” Kaspersky researchers said that “Careto hooks have sunk into systems worldwide“, according to the article.
Read much more in the full article about “The Mask” and all that researchers and industry security professionals have to discover in the aftermath.