The first cyber espionage campaign believed to be started by a Spanish-speaking country has been uncovered by a security software firm.
Dubbed ‘The Mask’, the campaign had operated undetected since 2007 targeting government agencies, energy companies and activists in 31 countries and had infected more than 380 targets before it stopped last week, Moscow-based Kaspersky Lab said yesterday.
The suspected involvement of a Spanish-speaking nation is unusual as the most sophisticated cyber spying operations uncovered so far have been linked to the USA, China, Russia and Israel, but the firm declined to identify the government suspected to be behind the campaign.
Kaspersky Lab said the discovery of The Mask, which had been most active in Morocco, followed by Brazil, the UK, France and Spain, suggests that more countries have become adept in Internet spying.
"There are many super-advanced groups that we don't know about. This is the tip of the iceberg," Costin Raiu, director of Kaspersky's global research team, said in an interview on the sidelines of a conference sponsored by his company in the Dominican Republic.
The firm's researchers only came across the operation because it infected Kaspersky's own software.
Raiu said The Mask hit government institutions, oil and gas companies and activists, using malware that was designed to steal documents, encryption keys and other sensitive files, as well as take full control of infected computers.
The operation infected computers running Microsoft Windows and Apple Mac software, and likely mobile devices running Apple's iOS and Google's Android software, according to Kaspersky.
There was no immediate comment from the companies.
Kaspersky said it worked with Apple and other companies last week to shut down some of the websites that were controlling the spying operation. The firm named the operation "The Mask" for the translation of the Spanish word "Careto," which appears in the malware code.