(T) It started with Stuxnet. Then came Duqu, Flame, Gauss, Red October… and, this week, Careto, discovered by Kaspersky Lab. Unfortunately, the cyberweapons we are identifying are likely to be just the tip of the iceberg, and they are ineluctably getting more and more sophisticated. According to Kaspersky:
Careto “relies on spear-phishing e-mails with links to a malicious website. The malicious website contains a number of exploits designed to infect the visitor, depending on system configuration. Upon successful infection, the malicious website redirects the user to the benign website referenced in the e-mail, which can be a YouTube movie or a news portal.”
Careto's main objective is to “gather sensitive data from the infected systems. These include office documents, but also various encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by the Remote Desktop Client to automatically open a connection to the reserved computer).”
Its primary targets are “government institutions, diplomatic offices and embassies, energy, oil, and gas companies, research organizations and activists. Victims of this targeted attack have been found in 31 countries around the world – from the Middle East and Europe to Africa and the Americas.”
Note that Careto has been in operation undetected for at least seven years!
- Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attacker
- A Silicon Valley Insider, Symantec Stuxnet Deep Diving
Note: The picture above is from Kaspersky Lab.
Copyright © 2005-2014 by Serge-Paul Carrasco. All rights reserved.