Espionage malware discovered in 2014

Careto (Spanish slang for "face"), sometimes called The Mask, is a piece of espionage malware discovered by Kaspersky Lab in 2014. Because of its high level of sophistication and professionalism, and a target list that included diplomatic offices and embassies, Careto is believed to be the work of a nation state. Kaspersky believes that the creators of the malware were Spanish-speaking.

Because of the focus on Spanish-speaking victims, the heavy targeting of Morocco, and the targeting of Gibraltar, Bruce Schneier speculates that Careto is operated by Spain.

Payload

Careto normally installs a second and more complex backdoor program called SGH. SGH is easily modifiable and has a wider arsenal, including the ability to intercept system events and file operations and to perform a wider range of surveillance functions. The information gathered by SGH and Careto can include encryption keys, virtual private network configurations, SSH keys, and other communication channels.

Detection and removal

Careto is hard to discover and remove because of its stealth capabilities. In addition, most of the samples have been digitally signed. The signatures came from a Bulgarian company, TecSystem Ltd., but the authenticity of the company is unknown. One of the issued certificates was valid between June 28, 2011 and June 28, 2013. Another was valid from April 18, 2013 to July 18, 2016, but was revoked by Verisign.

Careto was discovered when it attempted to circumvent Kaspersky security products. After finding Careto trying to exploit its software, Kaspersky investigated further and, to collect statistics, placed multiple sinkholes on the command and control servers.

Currently, most up-to-date antivirus software can detect and successfully remove the malware.

Distribution

Investigation of the command and control servers showed that more than 380 victims had been infected. From the information uncovered, the victims were infected by clicking on a spear phishing link that redirected them to websites hosting software Careto could exploit, such as Adobe Flash Player. The player has since been patched and is no longer exploitable by Careto. The websites that contained the exploitable software had names similar to popular newspapers, such as The Washington Post and The Independent.

The malware is said to have multiple backdoors, for Linux, Mac OS X, and Windows. Evidence of a possible fourth type of backdoor, for Android and iOS, was discovered on the C&C servers, but no samples were found.

Careto is estimated to have been compiled as far back as 2007. It is now known that the attacks ceased in January 2014.