Where Careto got its name. Image: Kaspersky
encryption keys, VPN configurations, SSH keys and RDP files," the report states. "There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government-level encryption tools."

Kaspersky's researchers say the first Careto attack they uncovered was a spear-phishing email campaign that sent targets to exploit websites masquerading as subdomains of popular Spanish and international news sites, including the Washington Post and Politico. Once a target is compromised, Careto deploys at least three different backdoors across Windows and OS X; the researchers also noted "traces" of others, including backdoors for Linux and mobile operating systems, which they have not been able to confirm.

With malware this sophisticated, the obvious question is who built it. The answer seems fairly obvious, if extremely difficult to prove: Careto is quite possibly the work of a nation-state.

"Several reasons make us believe this could be a nation-state sponsored campaign. First of all, we observed a very high degree of professionalism in the operational procedures of the group behind this attack. From infrastructure management, shutdown of the operation, avoiding curious eyes through access rules and using wiping instead of deletion of log files," Costin Raiu, the director of Kaspersky's Global Research and Analysis Team, said in a release. "This level of operational security is not normal for cyber-criminal groups."

That level of operational security is, however, exactly what you would expect of state-sponsored attackers, who have the money to spend on sophisticated tools and every reason in the world not to get caught. We all remember Stuxnet, which was likely created by a nation-state, as well as Duqu, which was the baddest on the block until Careto came around. But beyond knowing that someone official likely built Careto, it's hard to tell where it came from, although Spanish-language malware of this kind is apparently pretty rare. In any case, there's one clear truth: the cyber-espionage sector is continually gathering steam.

@derektmead