'Dark Caracal' operation blamed for the hacking of thousands of victims in 21 countries

The operation stole data from military personnel, government officials and medical practitioners among others

A hacking operation that has been dubbed 'Dark Caracal' is responsible for stealing private data from thousands of individuals and businesses from more than 21 different countries starting in 2012, according to research by Lookout and Electronic Frontier Foundation (EFF) released last week.

A joint report from the organisations revealed that the spying operation has targeted a range of different platforms but focused on mobile devices, using Android malware called Pallas to steal hundreds of gigabytes of data.

To gain access to victims' devices, the hackers used phishing techniques to install 'trojanised' versions of messaging apps such as WhatsApp and Signal. Once installed, the Android malware can be used to collect a range of sensitive information including call logs, photos, messages, audio recordings, location data and more.

The professions of victims duped by the operation are incredibly wide-ranging.

"Thus far, we have identified members of the military, government officials, medical practitioners, education professionals, academics, civilians from numerous other fields, and commercial enterprises as targets," the report explained.

What is Dark Caracal?

Dark Caracal is described in the report as having "nation-state level advanced persistent threat (APT) capabilities", but the researchers stop short of explicitly saying it's a state-sponsored operation. However, they do reveal they believe the operation to be run from a Lebanese government building in Beirut, more specifically the headquarters of the General Directorate of General Security.

It's this revelation, along with the fact that many of the operation's different spying campaigns were deemed "seemingly unrelated" by researchers, that suggests Dark Caracal might be a type of government spyware 'for hire', carrying out spying jobs on behalf of a variety of clients.

"We believe the actors would use Pallas against any target a nation state would otherwise attack, including governments, militaries, utilities, financial institutions, manufacturing companies, and defense contractors," a blog post on Lookout's website explains.

EFF and Lookout began investigating Dark Caracal after EFF released its Operation Manul report, which shed light on another spying operation aimed at "journalists, activists, lawyers, and dissidents" who had spoken out against President Nursultan Nazarbayev's regime in Kazakhstan. The researchers spotted that Dark Caracal uses the same "infrastructure" and software as Manul, despite not sharing any of the same targets, bolstering the case that the operation might now have extended to a kind of cybercrime service.
