Sophisticated Spy Tool 'The Mask' Rages Undetected for 7 Years.

Andre Kesteloot andre.kesteloot at verizon.net
Tue Feb 11 21:59:37 CST 2014


Researchers have uncovered a sophisticated cyber spying operation that 
has been alive since at least 2007 and uses techniques and code that 
surpass any nation-state spyware previously spotted in the wild.

The attack, dubbed "The Mask" by the researchers at Kaspersky Lab in 
Russia who discovered it, targeted government agencies and diplomatic 
offices and embassies, before it was dismantled last month. It also 
targeted companies in the oil, gas and energy industries as well as 
research organizations and activists.

Kaspersky uncovered at least 380 victims in more than two dozen 
countries, with the majority of the targets in Morocco and Brazil.

The attack - possibly from a Spanish-speaking country - used 
sophisticated malware, rootkit methods and a bootkit to hide and 
maintain persistence on infected machines. The attackers sought not only 
to steal documents, but to steal encryption keys, data about a target's 
VPN configurations, and Adobe signing keys, which would give the 
attackers the ability to sign .PDF documents as if they were the owner 
of the key.

The Mask also went after files with extensions that Kaspersky has not 
been able to identify yet. The Kaspersky researchers believe the 
extensions may be used by custom government programs, possibly for 
encryption. [Read more: Zetter/Wired 
<http://r20.rs6.net/tn.jsp?e=001209rjMOaU29MBgqWXuot7WdwtYQGBDdvytyskSCX9ME7w4x-PWQ1sxSK77qfbCowl9ST7kpvRPw8kMESY8bvYzYZw-VwSSVNtlid2bqOdDFcIstNaMCCf5j3Yp6EOn6Z0VVwyJRZU1KBvBeMGxx9Ptw7jb80dp6R>/10February2014] 


