Lebanese Hackers leave data stolen from thousands of victims on open server

Last week, the Electronic Frontier Foundation (EFF) and Lookout released a report on malware dubbed “Dark Caracal” that had stolen a huge amount of data from thousands of victims, such as journalists, military personnel, lawyers, activists, financial institutions, and other such organisations or individuals.

It seems that these hackers, who were deemed to be Lebanese and linked to the nation-state because the signal was traced back to Lebanon's General Directorate of General Security (GDGS), had left all the stolen data online on an unprotected server.

"It's almost like thieves robbed the bank and forgot to lock the door where they stashed the money," said Mike Murray, Lookout's head of intelligence.

According to EFF Director of Cybersecurity Eva Galperin, researchers were able to trace the hacking campaign to a location as precise as the government building only because of the attackers' “extraordinarily poor operational security.”

The stolen data included passwords, documents, call records, texts, contact information, photos, and other sensitive data. In Lookout security researcher Michael Flossman’s words, it was “literally everything.”

The report said that based on available evidence, it is likely that GDGS is either associated with or directly supporting the attackers behind Dark Caracal.

Lebanon Spyware Uncovered, Steals Data through Fake Messaging Apps

Researchers from non-profit campaign group Electronic Frontier Foundation (EFF) and mobile security group Lookout have together uncovered malware that targets individuals such as military personnel, journalists, lawyers, and activists, using fake apps that look like popular messaging apps like WhatsApp and Signal.

The malware, dubbed “Dark Caracal” by the researchers, targets known Android weaknesses; iOS has not been affected by it.

According to their report on Dark Caracal, the malware was traced back to a server in a Lebanese government building, one belonging to the Lebanese General Security Directorate in Beirut, Lebanon, and it seems the threat could be coming from a nation-state.

“We have identified hundreds of gigabytes of data exfiltrated from thousands of victims, spanning 21+ countries in North America, Europe, the Middle East, and Asia,” the report read.

“This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying because phones are full of so much data about a person’s day-to-day life,” said EFF Director of Cybersecurity Eva Galperin.

Data stolen through the spyware includes documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.

According to EFF, neither WhatsApp nor Signal has been compromised, and Google has confirmed that the infected apps were not downloaded from its Play Store. Instead, the attackers use “spearphishing”, a phishing attack that specifically targets an individual using information the attacker has on the victim, to get these fake apps onto targets’ phones.

“All Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware,” said EFF Staff Technologist Cooper Quintin.

Dark Caracal has reportedly been operating since 2012 but could not be tracked down because of the number of similar attacks happening all over the world that have repeatedly been misattributed to other cybercrime groups.

This research has shed light on how governments and people are able to spy on individuals all over the world.