New cyberweapon: Careto Attack a threat to business and government IT systems
The new discovery of a large number of malware infections across large parts of the globe has been tracked back to Careto, or "The Mask" in Spanish. Victims of this targeted attack have been found in 31 countries around the world – from the Middle East and Europe to Africa and the Americas.
It is the most dangerous malicious code to IT security in history.
- What is Careto Attack?
Careto Attack is a cluster of reconnaissance and data-stealing Trojans that can monitor many aspects of a system's operation, including keystroke entry and network traffic. This information is stored locally on the infected system along with extensive system configuration information.
- Who is the target?
Everyone. The primary targets are government institutions, diplomatic offices and embassies, energy, oil, and gas infrastructure companies, research organizations and activists. It also targets home users who work for corporations and government agencies.
- What is the infection method?
- Email: Careto/The Mask campaign relies on spear-phishing e-mails with links to a malicious website. The malicious website contains a number of exploits designed to infect the visitor, depending on system configuration. Upon successful infection, the malicious website redirects the user to the benign website referenced in the e-mail, which can be a YouTube movie or a news portal.
- Website: It's important to note the exploit websites do not automatically infect visitors; instead, the attackers host the exploits at specific folders on the website, which are not directly referenced anywhere, except in malicious e-mails. Sometimes, the attackers use subdomains on the exploit websites, to make them seem more real. These subdomains simulate subsections of the main newspapers in Spain plus some international sources. For example, "The Guardian" and "Washington Post."
- What happens if IT system gets infected?
Once Careto has compromised a system, it begins collecting sensitive information from it. The software can "intercept network traffic, keystrokes, Skype conversations, analyze WiFi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations."
- What to do if your organization has been affected by Careto?
The chances are it is still crawling the depths of your IT infrastructure, waiting for further instructions from its creators. Please call MJJT Consultants Security Team at 212-868-0688 for a free consultation.
Need to know how to protect your critical information? Please call MJJT Consultants Security Team at 212-868-0688 for a free consultation.