Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Kaspersky Lab Investigating ‘Extremely Sophisticated Malware’

“The Mask” Leverages High-end Exploits and Packs Bootkit and Rootkit With Mac OS X and Linux Versions

Kasperky Lab said on Monday that it has been investigating a sophisticated cyber-espionage operation that it is calling “one of the most advanced threats at the moment”.

“The Mask” Leverages High-end Exploits and Packs Bootkit and Rootkit With Mac OS X and Linux Versions

Kasperky Lab said on Monday that it has been investigating a sophisticated cyber-espionage operation that it is calling “one of the most advanced threats at the moment”.

“During the past months we have been busy analyzing yet another sophisticated cyberespionage operation which has been going on at least since 2007, infecting victims in 27 countries,” the company wrote in a post to its Securelist blog. “We deemed this operation ‘The Mask” for reasons to be explained later.”

The Mask MalwareAccording to Kaspersky, the advanced malware leverages high-end exploits, and includes a bootkit and rootkit, and also has versions for Mac OS and Linux. Interestingly, researchers also found that the malware packs a customized attack specifically against Kaspersky’s security software.

The combined features of the sophisticated malware puts it above Duqu in terms of sophistication, the company said.

According to Kaspersky, authors of The Mask appear to be native in a language “observed very rarely in APT attacks”.

For the time being, Kaspersky Lab is keeping additional details under wraps, but the company said it would present more about “The Mask” at the Kaspersky Security Analyst Summit 2014 (SAS), taking place next week in Punta Cana, Dominican Republic.

The Kaspersky Security Analyst Summit is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community. 

Over the past few years, the Russian security firm has uncovered several complex espionage campaigns likely supported by nation-states.

In 2012, the company uncovered Flame, a cyber-espionage operation targeting the Middle East, principally Iran and Israel, which had connections to the infamous Stuxnet malware used in an effort to sabotage Iranian nuclear operations. In early 2013, the company uncovered operation “RedOctober”, a sophisticated cyber-espionage campaign that targeted political and business groups throughout the world for more than five years. In June 2013, the company uncovered NetTraveler, another cyber espionage operation that hit more than 350 businesses and government agencies throughout the world. More recently, in September 2013, Kaspersky Lab uncovered details of “Kimsuky”, an ongoing cyber-espionage campaign targeting South Korean think tanks.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona