Kaspersky uncovers global cyber espionage plot

Russian IT security firm Kaspersky has uncovered a global cyber espionage plot - possibility state-sponsored - targeting governments, embassies, research units and critical sectors like energy, oil and gas.
Although the origin of the attack was not disclosed, it said the main objective of the attackers was to gather sensitive data from the infected systems.
Kaspersky found "infections" across nations -- Argentina, Belgium, Brazil, China, Cuba, Egypt, France, Germany, Iran, Iraq, Libya, Pakistan, Turkey, the UK and the US.
Codenamed 'The Mask' (aka Careto), the tool includes an extremely sophisticated malware, a rootkit, a bootkit, Mac operating system X and Linux versions and possibly versions for Android and iOS (iPad/iPhone), Kaspersky said in a statement.

The sensitive data included not only office documents, but also various encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by the Remote Desktop Client to automatically open a connection to the reserved computer).
"Several reasons make us believe this could be a nation-state sponsored campaign. First of all, we observed a very high degree of professionalism in operational procedures of the group behind this attack.

"From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files," Kaspersky Lab Director of the Global Research and Analysis Team (GReAT) Costin Raiu said.

"This level of operational security is not normal for cyber-criminal groups," he added.
The primary targets of attacks are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organisations and activists.
"The Mask is an advanced Spanish-language speaking threat actor that has been involved in global cyber-espionage operations since at least 2007," Kaspersky said.
Victims of this targeted attack have been found in 31 countries across the world -- from the Middle East and Europe to Africa and the Americas, Kaspersky said.
For the victims, an infection with Careto can be disastrous.
"Careto intercepts all communication channels and collects the most vital information from the victim's machine. Detection is extremely difficult because of stealth rootkit capabilities, built-in functionalities and additional cyber-espionage modules," it said.