The Spanish-speaking hacking group known as Careto has come under scrutiny after research from cybersecurity firm Kaspersky suggested potential links to the Spanish government. Careto’s advanced malware was first detected in 2014. Its campaigns have reached targets in 31 countries across five continents, with a particular emphasis on Cuba, where it compromised a government institution.
Kaspersky’s findings suggest that Careto’s interest in Cuba is likely motivated by the presence of ETA members there. As of late 2013, upward of 15 members of the Basque separatist group had been residing in the country with the express approval of the local government. This context sheds light on the geopolitical motivations and ideological underpinnings behind Careto’s cyber activities.
Evolution of Careto’s Cyber Operations
Careto first came into the cybersecurity limelight after Kaspersky discovered it in 2014. Its use of sophisticated malware was matched by an apparent strategic intent to target a broad range of regions, especially Latin America. The malware was most prominently seen in Cuba, Brazil, Colombia, and Venezuela.
Careto’s victims were spread throughout North Africa as well, specifically in Algeria, Morocco, and Libya. The group also broke into systems in Europe, compromising networks in France, Spain, and the United Kingdom. As Kaspersky researcher Georgy Kucherin put it, the group’s cyber operations were a “magnum opus,” and he highlighted the sophistication that lay behind their attacks.
“Their attacks are a masterpiece.” – Georgy Kucherin, Kaspersky researcher
What Kaspersky’s research underscores is that Careto, for all its prowess in the cyber domain, still committed minor but important mistakes. These oversights could link the group’s present-day operations to attacks carried out a decade earlier, and they call into question its day-to-day security and decision-making processes.
Technical Prowess and Malware Capabilities
Careto’s malware boasts alarming capabilities, including turning on a computer’s microphone, stealing sensitive files, and accessing user accounts without needing passwords. Another notable feature of the malware is the string “Caguen1aMar,” a contraction of a common Spanish curse. Such traits are cultural markers that hint at a group’s origins.
The scope of Careto’s malware deployment alarmed cybersecurity specialists everywhere. The group’s ability to infiltrate and subvert systems without being caught exposed gaps in security across nearly every sector. As one former Kaspersky employee remarked, “You can’t do that if you’re not prepared.”
“It’s likely a nation state.” – Georgy Kucherin, Kaspersky researcher
While there is substantial evidence suggesting Careto’s operations align with state-sponsored cyber activities, Kaspersky refrains from formal attribution to any specific government. Mai Al Akkad, a spokesperson for Kaspersky, emphasized their cautious approach: “We don’t engage in any formal attribution.”
Insights into Careto’s Operational Tactics
According to Kaspersky’s research, Careto ran its cyber operations with a notable level of care and precision. Even so, the group’s operational practices featured several “small but fatal mistakes,” which may have eroded its anonymity and operational security. Kucherin noted that the group displayed great technical abilities overall; more importantly, such mistakes point to significant weaknesses in its opsec.
Former Kaspersky employee Dmitri Alperovitch revealed that the company was certain about the identity behind the attacks. “We all knew internally who it was,” he said. But concern over the backlash from making that kind of information public made the company more cautious about attribution.
“There was no doubt of that, at least no reasonable [doubt].” – former Kaspersky employee
In discussing the group’s operational efficiencies and capabilities, another former employee recounted how quickly Careto could dismantle its infrastructure following an operation: “They systematically, and in a quick manner, destroyed the whole thing, the whole infrastructure. Boom. It was just gone.”