'Dark Caracal' operation blamed for the hacking of thousands of victims in 21 countries

The operation stole data from military personnel, government officials and medical practitioners among others

A hacking operation that has been dubbed 'Dark Caracal' is responsible for stealing private data from thousands of individuals and businesses from more than 21 different countries starting in 2012, according to research by Lookout and Electronic Frontier Foundation (EFF) released last week.

A joint report from the organisations revealed that the spying operation has targeted a range of different platforms but focused on mobile devices, using Android malware called Pallas to steal hundreds of gigabytes of data.

To gain access to victims' devices, the hackers used phishing techniques to install 'trojanised' versions of messaging apps such as WhatsApp and Signal. Once installed, the Android malware can be used to collect a range of sensitive information including call logs, photos, messages, audio recordings, location data and more.

The professions of victims duped by the operation are incredibly wide-ranging.

"Thus far, we have identified members of the military, government officials, medical practitioners, education professionals, academics, civilians from numerous other fields, and commercial enterprises as targets," the report explained.

What is Dark Caracal?

Dark Caracal is described in the report as having "nation-state level advanced persistent threat (APT) capabilities", but the researchers stop short of explicitly saying it's a state-sponsored operation. However, they do reveal they believe the operation to be run from a Lebanese government building in Beirut, more specifically the headquarters of the General Directorate of General Security.

It's this revelation, along with the fact that many of the operation's different spying campaigns were deemed "seemingly unrelated" by researchers, that suggests Dark Caracal might be a type of government spyware 'for hire', carrying out spying jobs on behalf of a variety of clients.

"We believe the actors would use Pallas against any target a nation state would otherwise attack, including governments, militaries, utilities, financial institutions, manufacturing companies, and defense contractors," a blog post on Lookout's website explains.

EFF and Lookout began investigating Dark Caracal after EFF released its Operation Manul report, which shed light on another spying operation aimed at "journalists, activists, lawyers, and dissidents" who had spoken out against President Nursultan Nazarbayev's regime in Kazakhstan. The researchers spotted that Dark Caracal uses the same "infrastructure" and software as Manul, despite not sharing any of the same targets, bolstering the case that the operation might now have extended to a kind of cybercrime service.
