Kaspersky Lab, the Moscow-based computer security software firm, has unearthed a cyber-spying campaign apparently started by a Spanish-speaking country. The campaign targeted government agencies, energy companies and activists in 31 countries.
Image by Kaspersky Labs
The campaign, dubbed as “The Mask” (translation for the Spanish word Careto), was stopped last week, but has been operational since 2007; infecting more than 380 targets, according to the Russian security software firm on Monday.
The Mask campaign used malware to steal documents, encryption keys, and other sensitive files besides controlling the infected computer completely. It infected computers running Microsoft Corp’s Windows and Apple Inc’s Mac software, and mobile devices running Apple’s iOS and Google Inc’s Android software, added the Kaspersky Lab.
The firm further confirmed that the spying activities were most prominent in Morocco, Brazil, UK, France and Spain according to the firm though it declined to comment on the government suspected to be behind the large scale spying.
Commenting on difficulty in identifying the possible suspects behind The Mask, Liam O’Murchu, a researcher at Symantec Corp, said via an email, “the code is professionally written, but it’s even difficult to say whether is it written by a government or by a private company that sells this type of software.”
Most of the cyber crimes, uncovered so far, have originated in the US, China, Russia and Brazil. The involvement of a Spanish speaking country in such a cyber crime is first of its kind.
The discovery came to light because Kaspersky’s security software was infected hinting increased level of Internet spying globally.
“There are many super-advanced groups that we don’t know about. This is the tip of the iceberg,” Costin Raiu, the Director of Kaspersky’s global research team, said at his company sponsored conference in Dominican Republic.
The Director added that The Mask hackers took advantage of a flaw in Adobe Systems Inc’s Flash software that allowed the hackers to get into the infected computer through the Google’s web browser, Chrome.
Additionally, the hackers were aided by the booming “zero-day” exploits market–a market for undisclosed software flaws and tools for exploiting them. Makers of the affected software are unaware of such flaws whereas the buyers of zero-days leave the software vulnerabilities unfixed to deploy spy software, said Raiu adding that the Mask apparently had links to zero-day companies.
