Sophisticated Spy Tool ‘The Mask’ Rages Undetected for 7 Years

Researchers have uncovered a sophisticated cyber spying operation that has been alive since at least 2007 and uses techniques and code that surpass any nation-state spyware previously spotted in the wild.

The attack, dubbed “The Mask” by the researchers at Kaspersky Lab in Russia who discovered it, targeted government agencies and diplomatic offices and embassies, before it was dismantled last month. It also targeted companies in the oil, gas and energy industries as well as research organizations and activists. Kaspersky uncovered at least 380 victims in more than two dozen countries, with the majority of the targets in Morocco and Brazil.

The attack — possibly from a Spanish-speaking country — used sophisticated malware, rootkit methods and a bootkit to hide and maintain persistence on infected machines. The attackers sought not only to steal documents, but to steal encryption keys, data about a target’s VPN configurations, and Adobe signing keys, which would give the attackers the ability to sign .PDF documents as if they were the owner of the key.

The Mask also went after files with extensions that Kaspersky has not been able to identify yet. The Kaspersky researchers believe the extensions may be used by custom government programs, possibly for encryption.

via Sophisticated Spy Tool ‘The Mask’ Rages Undetected for 7 Years | Threat Level | Wired.com.

———————————————-

Journal of Law & Cyber Warfare | www.jlcw.org The Journal of Law & Cyber Warfare provides a public peer-reviewed law publication to foster open discussion and education of technology, government and legal stakeholder in relation to the complex issue of cyber warfare. Journal of Law & Cyber Warfare accepts articles written by military, technology, judges, government officials, academic and legal practitioners. The Journal of Law & Cyber Warfare is honored by the world class caliber editorial board that is involved with the Journal. Thought leaders from forensics, law, warfare, and cyber security are on the Board. The Journal is always looking for interested thought leaders who believe they can contribute in a meaningful fashion to the development of cyber warfare scholarship.