Kaspersky Lab Uncovers "The Mask" Cyber Spying Campaign

Enterprise & IT Feb 10, 2014

A group of high-level attackers has been targeting government embassies, diplomatic offices and energy companies with a cyber-espionage campaign for more than five years that researchers say is the most sophisticated APT operation they've seen to date. The attack, dubbed the 'Mask,' includes a number of unique components and functionality, and the group behind it has been stealing sensitive data such as encryption and SSH keys and wiping and deleting other data on targeted machines, according to researchers at Kaspersky Lab.

The Mask APT campaign has been going on since at least 2007, and it doesn't appear to have any connection to China. Researchers say that the attackers behind the Mask are Spanish-speaking and have gone after targets in more than 30 countries around the world. Many, but not all, of the victims are in Spanish-speaking countries, and researchers at Kaspersky Lab, who uncovered the campaign, said that the attackers had at least one zero-day in their arsenal, along with versions of the Mask malware for Mac OS X, Linux, and perhaps even iOS and Android.

"These guys are better than the Flame APT group because of the way that they managed their infrastructure," said Costin Raiu, head of the Global Research Analysis Team at Kaspersky. "The speed and professionalism is beyond that of Flame or anything else that we've seen so far."

Raiu revealed the details of the Mask attack campaign during the Kaspersky Security Analyst Summit on Monday.

Kaspersky researchers first became aware of the Mask APT group because they saw the attackers exploiting a vulnerability in one of the company's products. The attackers found a bug in an older version of a Kaspersky product, which has been patched for several years, and were using the vulnerability as part of their method for hiding on compromised machines. Raiu said that the attackers had a number of different tools at their disposal, including implants that enabled them to maintain persistence on victims' machines, intercept all TCP and UDP communications in real time and remain invisible on the compromised machine. Raiu said all of the communications between victims and the C&C servers were encrypted.

The attackers targeted victims with spear-phishing emails that would lead them to a malicious Web site where the exploits were hosted. There were a number of exploits on the site and they were only accessible through the direct links the attackers sent the victims. One of the exploits the attackers used was for CVE-2012-0773, an Adobe Flash vulnerability that was discovered by researchers at VUPEN, the French firm that sells exploits and vulnerability information to private customers. The Flash bug was an especially valuable one, as it could be used to bypass the sandbox in the Chrome browser. Raiu said the exploit for this Flash bug never leaked publicly.

While most APT campaigns tend to target Windows machines, the Mask attackers were also interested in compromising OS X and Linux machines, as well as some mobile platforms. Kaspersky researchers found Windows and OS X samples and some indications of a Linux version, but don't have a Linux sample. There is also some evidence that there may be versions for both iOS and Android. Raiu said there was one victim in Morocco who was communicating with the C&C infrastructure over 3G.

Kaspersky researchers have sinkholed about 90 of the C&C domains the attackers were using, and the operation was shut down last week within a few hours of a short blog post the researchers published with a few details of the Mask campaign. Raiu said that after the post was published, the Mask operators rolled up their campaign within about four hours.

However, Raiu said that the attackers could resurrect the operation without much trouble.

"They could come back very quickly if they wanted," he said.
