
'Dark Caracal' operation blamed for the hacking of thousands of victims in 21 countries

The operation stole data from military personnel, government officials and medical practitioners among others

A hacking operation that has been dubbed 'Dark Caracal' is responsible for stealing private data from thousands of individuals and businesses from more than 21 different countries starting in 2012, according to research by Lookout and Electronic Frontier Foundation (EFF) released last week.

A joint report from the organisations revealed that the spying operation has targeted a range of different platforms but focused on mobile devices, using Android malware called Pallas to steal hundreds of gigabytes of data.

To gain access to victims' devices, the hackers used phishing techniques to install 'trojanised' versions of messaging apps such as WhatsApp and Signal. Once installed, the Android malware can be used to collect a range of sensitive information including call logs, photos, messages, audio recordings, location data and more.

The professions of victims duped by the operation are incredibly wide-ranging.

"Thus far, we have identified members of the military, government officials, medical practitioners, education professionals, academics, civilians from numerous other fields, and commercial enterprises as targets," the report explained.

What is Dark Caracal?

Dark Caracal is described in the report as having "nation-state level advanced persistent threat (APT) capabilities", but the researchers stop short of explicitly saying it's a state-sponsored operation. However, they do reveal they believe the operation to be run from a Lebanese government building in Beirut, more specifically the headquarters of the General Directorate of General Security.

It's this revelation, along with the fact that many of the operation's different spying campaigns were deemed "seemingly unrelated" by researchers, that suggests Dark Caracal might be a type of government spyware 'for hire', carrying out spying jobs on behalf of a variety of clients.

"We believe the actors would use Pallas against any target a nation state would otherwise attack, including governments, militaries, utilities, financial institutions, manufacturing companies, and defense contractors," a blog post on Lookout's website explains.

EFF and Lookout began investigating Dark Caracal after EFF released its Operation Manul report, which shed light on another spying operation aimed at "journalists, activists, lawyers, and dissidents" who had spoken out against President Nursultan Nazarbayev's regime in Kazakhstan. The researchers spotted that Dark Caracal uses the same "infrastructure" and software as Manul, despite not sharing any of the same targets, bolstering the case that the operation might now have extended to a kind of cybercrime service.
