The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

| Category | Details |
| --- | --- |
| Threat Actors | The Mask (aka Careto) |
| Campaign Overview | Attacks in 2019 and 2022 targeting a Latin American organization; observed activity in early 2024 targeting an unknown entity. |
| Target Regions | Latin America (specific organization); unspecified victims in other cases. |
| Methodology | Spear-phishing emails with links to malicious sites exploiting browser zero-days (e.g., CVE-2012-0773); persistence through MDaemon webmail’s WorldClient extension. |
| Product Targeted | MDaemon WorldClient, HitmanPro Alert software. |
| Malware Reference | Careto2, Goreto, FakeHMP (“hmpalert.dll”). |
| Tools Used | Malicious DLLs, microphone recorder, file stealer, modular malware frameworks. |
| Vulnerabilities Exploited | CVE-2012-0773; exploits targeting HitmanPro Alert driver’s DLL validation weaknesses. |
| TTPs | Spear-phishing, zero-day browser exploits, malicious DLL injection, data exfiltration via Microsoft OneDrive and Google Drive, custom implants. |
| Attribution | Origins unknown; first identified in 2007 by Kaspersky. |
| Recommendations | 1. Patch systems to mitigate known vulnerabilities. 2. Monitor email server configurations for suspicious changes. 3. Deploy behavioral analytics to detect anomalies. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html

The above summary has been generated by an AI language model
