Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012

A global mobile espionage campaign that has been collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself, thanks to an exposed server on the open internet.

It's one of the first known examples of a successful large-scale hacking operation targeting mobile phones rather than computers.

The advanced persistent threat (APT) group, dubbed Dark Caracal, is claimed to have stolen hundreds of gigabytes of data, including personally identifiable information and intellectual property, from thousands of victims in more than 21 different countries, according to a new report from the Electronic Frontier Foundation (EFF) and security firm Lookout.

After mistakenly leaking some of its files to the internet, the shadowy hacking group was traced back to a building owned by the Lebanese General Directorate of General Security (GDGS), one of the country's intelligence agencies, in Beirut.
"Based on the available evidence, it's likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal," the report reads.
According to the 51-page report [PDF], the APT group targeted "entities that a nation-state might attack," including governments, military personnel, utilities, financial institutions, manufacturing companies, defense contractors, medical practitioners, education professionals, academics, and civilians from numerous other fields.

Researchers also identified at least four different personas associated with Dark Caracal's infrastructure, namely Nancy Razzouk, Hassan Ward, Hadi Mazeh, and Rami Jabbour, with the help of the e-mail address op13@mail[.]com.
"The contact details for Nancy present in WHOIS information matched the public listing for a Beirut-based individual by that name. When we looked at the phone number associated with Nancy in the WHOIS information, we discovered the same number listed in exfiltrated content and being used by an individual with the name Hassan Ward."
"During July 2017, Dark Caracal's internet service provider took the adobeair[.]net command and control server offline. Within a matter of days, we observed it being re-registered to the e-mail address op13@mail[.]com with the name Nancy Razzouk. This allowed us to identify several other domains listed under the same WHOIS e-mail address information, running similar server components."

Multi-Platform Cyber Espionage Campaign

Dark Caracal has been conducting multi-platform cyber-espionage campaigns and is linked to 90 indicators of compromise (IOCs), including 11 Android malware IOCs, 26 desktop malware IOCs across Windows, Mac, and Linux, and 60 domain/IP based IOCs.

However, since at least 2012, the group has run more than 10 hacking campaigns aimed mainly at Android users in at least 21 countries, including North America, Europe, the Middle East and Asia.

The information stolen by Dark Caracal from its targets includes documents, call records, text messages, audio recordings, secure messaging client content, browsing history, contact information, photos, and location data: basically every piece of information that allows the APT group to identify the person and take an intimate look at his/her life.

To get its job done, Dark Caracal did not rely on any "zero-day exploits," nor did it have to get the malware into the Google Play Store. Instead, the group used basic social engineering via posts on Facebook groups and WhatsApp messages, encouraging users to visit a website controlled by the hackers and grant application permissions.
"One of the interesting things about this ongoing attack is that it doesn't require a sophisticated or expensive exploit. Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware," said EFF Staff Technologist Cooper Quintin.
"This research shows it's not hard to create a strategy allowing people and governments to spy on targets around the world."

Here's How Dark Caracal Group Infects Android Users

Once tricked into landing on the malicious websites, the victims were served fake updates to secure messenger apps, including WhatsApp, Signal, Threema, Telegram, and Orbot (an open source Tor client for Android), which eventually downloaded the Dark Caracal malware, dubbed Pallas, onto targets' mobile devices.

Pallas is a piece of surveillance malware that's capable of taking photographs, stealing data, spying on communications apps, recording video and audio, acquiring location data, and stealing text messages, including two-factor authentication codes, from victims' devices.
"Pallas samples primarily rely on the permissions granted at installation in order to access sensitive user data. However, there is functionality that allows an attacker to instruct an infected device to download and install additional applications or updates," the report says.
"Theoretically, this means it's possible for the operators behind Pallas to push specific exploit modules to compromised devices in order to gain complete access."
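A defender-side check for the infection pattern described above, added here as an example and not code from the EFF/Lookout report: it flags the messenger apps the campaign impersonated when they were installed by something other than Google Play, and lists which surveillance-relevant permissions such an app has been granted. It assumes the text of `adb shell pm list packages -i` and `adb shell dumpsys package <pkg>` as input; the sample output below is constructed.

```python
import re

PLAY_STORE = "com.android.vending"
# Official package names of the messengers the campaign impersonated.
MESSENGERS = {
    "com.whatsapp", "org.thoughtcrime.securesms", "ch.threema.app",
    "org.telegram.messenger", "org.torproject.android",
}
# Runtime permissions that together give Pallas-style surveillance reach.
SPY_PERMS = {
    "android.permission.READ_SMS", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.READ_CALL_LOG",
}

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def granted_permissions(dumpsys_output):
    """Collect permissions marked granted=true in `dumpsys package <pkg>` output."""
    return set(re.findall(r"(android\.permission\.[A-Z_]+): granted=true",
                          dumpsys_output))

def audit(installers, dumps):
    """Flag messenger packages not installed by Google Play and list which
    surveillance-relevant permissions each one has been granted."""
    findings = {}
    for pkg, installer in installers.items():
        if pkg in MESSENGERS and installer != PLAY_STORE:
            risky = SPY_PERMS & granted_permissions(dumps.get(pkg, ""))
            findings[pkg] = sorted(risky)
    return findings

# Constructed sample output: a sideloaded WhatsApp next to two Play-installed apps.
SAMPLE_PM = """package:com.whatsapp installer=null
package:org.thoughtcrime.securesms installer=com.android.vending
package:org.telegram.messenger installer=com.android.vending
"""
SAMPLE_DUMPS = {
    "com.whatsapp": """      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
""",
}
```

On a real device, feed `audit()` the two adb outputs; a messenger with `installer=null` holding READ_SMS is exactly the combination that lets Pallas read two-factor codes.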
Besides its own custom malware, Dark Caracal also used FinFisher, a highly secretive surveillance tool that is often marketed to law enforcement and government agencies, and a newly discovered desktop spyware tool, dubbed CrossRAT, which can infect Windows, Linux, and OS X operating systems.
"Citizen Lab previously flagged the General Directorate of General Security in a 2015 report as one of two Lebanese government organizations using the FinFisher spyware," the report says.
According to the researchers, though Dark Caracal targeted macOS and Windows devices in various campaigns, at least six distinct Android campaigns were found linked to one of its servers that was left open for analysis, revealing that 48GB was stolen from around 500 Android phones.

Overall, Dark Caracal successfully managed to steal more than 252,000 contacts, 485,000 text messages and 150,000 call records from infected Android devices. Sensitive data such as personal photos, bank passwords and PIN numbers were also stolen.

The best way to protect yourself from such Android-based malware attacks is to always download applications from the official Google Play Store rather than from any third-party website.