Over a decade ago, Kaspersky’s researchers investigating suspicious online activity initially believed they were tracking a known, government-backed hacking group. However, they soon uncovered a more sophisticated operation targeting the Cuban government and others, ultimately attributing this network to an unknown Spanish-speaking collective, dubbed “Careto,” which means “ugly face” in Spanish.
Despite never publicly linking Careto to a specific government, internal discussions at Kaspersky led researchers to conclude that the group operated on behalf of the Spanish government. Careto was considered one of the most advanced malware threats of its time, capable of capturing sensitive data, including private conversations and keystrokes, much like contemporary state-sponsored spyware. The group focused on infiltrating governmental and corporate entities globally.
Internally, Kaspersky displayed confidence in attributing Careto’s actions to Spain, especially after noting significant attacks on a Cuban institution, which served as the initial trigger for their investigation. Connections to Spain were further suggested by the geographical focus of Careto’s targets, which included Brazil, Morocco, and Gibraltar, the latter being a disputed territory.
Kaspersky’s research, conducted in 2014, revealed that Careto had infected computers across 31 countries and employed tactics like spear-phishing, often disguising malicious links as articles from reputable Spanish news outlets or as other content of interest to the target. Intriguingly, the malware contained Spanish-specific clues in its code that supported the theory of a Spanish government origin.
Upon revealing Careto’s existence, Kaspersky said that the hacking group used techniques that showed an alarming depth of sophistication, with capabilities for extensive data theft. After the findings were published, Careto abruptly ceased its activities, erasing logs and structures that could expose its operations, an unusual and telling move that elevated the group’s status to that of elite government hackers.
Although Careto’s presence faded from public view, Kaspersky later detected its resurgence in 2024, with the group targeting both Latin American and Central African organisations. Notably, the techniques and tools employed in these recent operations echoed those from a decade earlier, showcasing their persistent advancement.
Kaspersky’s researchers have expressed uncertainty about the exact government behind Careto, suggesting that while it likely has state backing, pinpointing the identity remains an enigma. Still, they acknowledge Careto’s exceptional technical prowess and complex attack strategies, distinguishing it from larger, more prominent groups, thereby solidifying its reputation as an elite hacking entity.


