Highly Sophisticated Cyber-Espionage Operation 'The Mask' Detected By Kaspersky Lab

A highly sophisticated cyber-espionage operation has been uncovered after seven years by Kaspersky Lab. The operation, named "The Mask", infected 380+ high-profile targets across 31 countries. Kaspersky researchers said that the espionage campaign was one of the most sophisticated they had ever seen. The lab has been credited with unearthing various major cyber-espionage campaigns, notable examples being "Red October", "MiniDuke" and "NetTraveler". The Mask's modus operandi is said to be even more effective than that of Flame, a complex malware campaign against Iranian computers which was discovered in 2012.

Another surprising fact about The Mask was that the suspects were, in all probability, not Chinese. In fact, the hackers were found to be using words such as careto, which means 'mask' in Spanish, heavily hinting at the Spanish roots of the attackers. Supporting these claims was the fact that the hackers had used Spanish expletives in their malware. Also, to install their malware on computers, the hackers sent phishing e-mails that contained malicious links seemingly pointing to the news websites of leading Spanish dailies. The fake links were not limited to Spanish dailies, though; they also included links to leading English newspaper websites. However, the use of Spanish could just be a distraction planted by the hackers to throw investigators off track.

Once the target clicked the malicious link, they were taken to the website the hackers had created. The malware would then monitor the target's browsing, record keystrokes, intercept Skype conversations, and even steal files and encryption keys. These keys could then be used, for example, to decipher the target's encrypted e-mails. The malware could also steal confidential files with uncommon or unknown extensions, usually the ones used by the government or the military. The malware's targets were not just Windows PCs but also computers running Mac OS and Linux. It is believed but not confirmed that iPhones and Android phones could also be infected. The hackers also exploited a bug in Adobe's Flash Player. This bug was discovered by Vupen, a French internet security company that has governments and law enforcement agencies as its clients. Vupen's CEO has denied any involvement in the campaign. The targets of this campaign were government agencies, embassies, energy companies and research institutions, all common victims of a nation-sponsored operation.

Kaspersky scientists further said that the operation had been in existence since 2007. Kaspersky posted a short blog post on Feb. 3, giving some details about The Mask. The supporting infrastructure for The Mask was withdrawn just 4 hours later, which was described as an "incredibly fast reaction". Nevertheless, The Mask has given internet security firms a lot to think about and a lot to learn from.
