Researchers uncover cyber spying campaign dubbed "The Mask"
By Joseph Menn and Jim Finkle
PUNTA CANA, Dominican Republic Feb 10 (Reuters) - A computer security software firm has uncovered what it calls the first cyber espionage campaign believed to be started by a Spanish-speaking country, targeting government agencies, energy companies and activists in 31 countries.
Dubbed "The Mask," the campaign had operated undetected since 2007 and infected more than 380 targets before it stopped last week, Moscow-based Kaspersky Lab said on Monday.
The firm declined to identify the government suspected to be behind the cyber spying, but said it had been most active in Morocco, followed by Brazil, the United Kingdom, France and Spain.
The suspected involvement of a Spanish-speaking nation is unusual as the most sophisticated cyber spying operations uncovered so far have been linked to the United States, China, Russia and Israel. Those nations have been said to be behind the Duqu, Gauss and Flame malware, for example.
Kaspersky Lab said the discovery of The Mask suggests that more countries have become adept in Internet spying. The firm's researchers only came across the operation because it infected Kaspersky's own software.
"There are many super-advanced groups that we don't know about. This is the tip of the iceberg," Costin Raiu, director of Kaspersky's global research team, said in an interview on the sidelines of a conference sponsored by his company in the Dominican Republic.
Raiu said The Mask hit government institutions, oil and gas companies and activists, using malware that was designed to steal documents, encryption keys and other sensitive files, as well as take full control of infected computers.
The operation infected computers running Microsoft Corp's Windows and Apple Inc's Mac software, and likely mobile devices running Apple's iOS and Google Inc's Android software, according to Kaspersky Lab.
There was no immediate comment from the companies.
Kaspersky Lab said it worked with Apple and other companies last week to shut down some of the websites that were controlling the spying operation. The firm named the operation "The Mask" for the translation of the Spanish word "Careto," which appears in the malware code.
© Thomson Reuters 2017 All rights reserved.