Wednesday, February 12, 2014

Experts unearth 'most advanced' global cyber-espionage operation

'Threat likely produced by an unidentified nation-state'

MANILA, Philippines - A team of computer security experts based in Russia has discovered the "most advanced" global cyber-espionage operation, called "The Mask."

Kaspersky Lab's security research team tracked The Mask and found that its targets were primarily government institutions, diplomatic offices and embassies, companies in the energy, coal and oil sectors, activist organisations and think tanks.


In a statement released by Kaspersky Southeast Asia, the firm said it has stopped The Mask's five-year operations in January by shutting down its command-and-control servers.

Researchers described the powerful Spanish-language toolset as capable of monitoring government activities, including those linked to national security.

"[The Mask] includes an incredibly sophisticated malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iOS (iPad/iPhone)," Kaspersky said.

Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky, believes that the operation might be sponsored by a nation-state.

"First of all, we observed a really high level of professionalism in the operational procedures of the group behind this attack. From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping as opposed to deletion of log files," he said.

Raiu explained that the attackers using The Mask aimed to collect sensitive data, such as office documents and encryption keys, from infected systems.

He said that The Mask also employs capabilities seen in previously uncovered, highly sophisticated threats such as Duqu, making it "one of the most advanced threats at this time."

"This degree of operational security isn't normal for cyber-criminal groups," Raiu added, stressing that only a government could develop this type of tool.

Discovery

Kaspersky Lab researchers stumbled upon The Mask almost accidentally while examining a vulnerability in the company's anti-virus and anti-malware products.

The Mask managed to avoid detection while it intercepted communication channels and collected data from over 380 unique computers around the world.

Modus operandi

In its analysis report, Kaspersky Lab experts noted that the cyber-spy operation relies on e-mails with links to a malicious website.

It also tries to make the websites look credible by using sub-domains of popular portals such as The Guardian and The Washington Post.

"Upon successful infection, the malicious website redirects the user to the benign website referenced in the e-mail, which may be a YouTube video or a news portal," the report explained.