Kaspersky Labs has announced the discovery of an advanced cyber-espionage tool. The tool, which is known as Careto or "The Mask," appears to have been created by a Spanish-speaking native. Experts believe Careto was developed to attack targets such as diplomatic institutions, government agencies, oil and gas companies, research organizations, and activist groups. The sophistication of the tool, and the pattern of victims discovered so far, has led some experts to speculate that Careto was developed by a state-sponsored spy agency. So far, researchers have identified victims in 31 countries.
Versions of Careto exist for Windows, Mac OS, and Linux systems. According to reports, the attacker sends a link through email that appears to come from a reputable source. When the victim clicks on the link, the target system is scanned for vulnerabilities, and Careto burrows in. The tool has a modular architecture, which means the attacker can upload new components to tailor the attack once Careto has infiltrated the network.
According to Kaspersky, "For the victims, an infection with Careto can be disastrous. Careto intercepts all communication channels and collects the most vital information from the victim's machine. Detection is extremely difficult because of stealth rootkit capabilities, built-in functionalities, and additional cyber-espionage modules."
Early versions of Careto date to 2007, and the tool was active until January of this year. Kaspersky says its investigation has caused the attacker's command and control servers for Careto to shut down in order to avoid discovery.