Slides from Kaspersky's 'The Mask' malware presentation

  • Kaspersky Labs "The Mask"

    PUNTA CANA, Dominican Republic -- Kaspersky's security research team revealed "The Mask" (aka Careto), which it called "one of the most advanced" cyber-espionage malware threats, at the 2014 Security Analyst Summit this week.

    ZDNet attended Kaspersky's presentation of "Behind the Mask" -- our photos of the presentation and its slides offer more details about the malware.

    Slides of the presentation have not yet been published online.

    IOC information has been included in Kaspersky's detailed technical research paper.

    See:  Washington Post, Guardian links used to infect The Mask malware victims

    The malware's primary targets are government institutions, diplomatic offices and embassies, energy, oil and gas companies, research institutions, private equity firms and high-profile activists.

    The researchers specifically named The Mask's phishing bait as "The Guardian" and "Washington Post" links sent in targeted emails.

    The Mask collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys and RDP files.

    The malware also monitors several unknown extensions that Kaspersky has not been able to identify and that it said "could be related to custom military/government-level encryption tools."

    The researchers said, "At the moment, all known Careto command and control servers are offline. The campaign was active [from 2007] until January 2014, but during our investigations the C&C servers were shut down."

    In its official Mask FAQ, published at the end of conference day one after the presentation and announcements, Kaspersky added that the malware's most active year for variants was 2012.

    More: Infographic: The Mask malware victims

    Published: February 13, 2014 -- 05:54 GMT (21:54 PST)

    Caption by: Violet Blue


Researchers shared their discovery and research on espionage malware "The Mask" (aka Careto) at the Kaspersky Labs security summit this week. ZDNet took photos of the presentation.
