Kaspersky Lab “unmasks” long-running cyber-espionage operation

Security vendor is tipped off to malware campaign following unsuccessful attack on its own products

Kaspersky Lab has discovered a new threat vector involved in global cyber-espionage operations since at least 2007.

Dubbed “The Mask”, or in some cases Careto, the malware comes the way of a cross-platform malware toolkit that includes at least one zero-day exploit.

PCs are not the only ones in the sight of the malware, with Mac OS X, Linux, and potentially even iOS and Android in the line of fire.

The security vendor has already dubbed Mask as “one of the most advanced global cyber-espionage operations to date” for the high degree of sophistication it contains.

Nowhere safe

Mask has so far been collecting sensitive data from the infected systems, and Kaspersky Lab has traced victims of the attack to 31 countries around the world.

Kaspersky Lab A/NZ managing director, Andrew Mamonitis, said no country can be ruled out as a target for the attack, including Australia.

“The total number of affected countries and unique victims could in fact be much higher than those analysed in the report,” he said.

To illustrate his point, Mamonitis points to how Australia was not been immune to previous targeted campaigns such as NetTraveler, which went after local diplomatic missions.

So far the security vendor has found that governments and strategic institutions of all persuasions have been targeted by Mask.

“Coupled with the difficulty with attribution, the motive behind such a wide-ranging attack is difficult to ascertain,” Mamonitis said.

Sign of things to come

Kaspersky Lab was tipped off to the Mask campaign after hackers attempted to exploit a vulnerability in the company’s products fixed five years ago.

As for whether the discovery of Mask will set a precedent for future malware attacks, Mamonitis said the versatility and sophistication of the campaign demonstrates how hackers are becoming "more adept" at pursuing higher level targets.

“The fact that it stands as one of the most advanced campaigns shows that there is potentially growing investment in cyber-espionage attacks,” he said.

“One would have to assume that rather than a one-off incident, it may, unfortunately, be a sign of further things to come.”

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.