Spanish Government Behind Most Sophisticated Espionage Campaign Ever Seen
By Netvora Tech News
In 2014, cybersecurity researchers at Kaspersky Lab identified the most sophisticated espionage campaign they had ever seen, known as Careto or The Mask. The malware, which had been active since 2007, had stolen sensitive information from government agencies, embassies, energy, oil, and gas companies, research institutions, private equity firms, and activists around the world.
The campaign was remarkable for its complexity, featuring a sophisticated toolset that included highly advanced malware, a rootkit, a bootkit, and versions for macOS, Linux, and possibly Android and iOS devices.
- Over 1,000 victims were detected in 31 countries.
- The attackers used various exploits, including ones targeting Adobe Flash Player, to infect targets.
- Users were tricked into downloading and executing Java files or installing a Chrome extension.
Kaspersky initially suspected a state-sponsored actor, but did not specify which country was behind the attacks. The malware also used a known vulnerability in Kaspersky's own antivirus software to hide its presence.
Recent Activity
Last year, Kaspersky warned of renewed activity from Careto, which had developed new malware capable of intercepting audio from victims' microphones and stealing sensitive information such as login credentials, files, and cookies from popular messaging apps like Threema, WeChat, and WhatsApp.
Spanish Government Connection
According to anonymous former Kaspersky employees, the Spanish government is behind the Careto campaign. This conclusion was based on targets and code references. While this was reportedly known within the company in 2014, Kaspersky has a policy of not attributing attacks to specific countries.
"We don't concern ourselves with formal attribution," Kaspersky said in a statement to TechCrunch.