ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Careto, The Mask

Names: Careto (Kaspersky); The Mask (Kaspersky); Mask (Kaspersky); Ugly Face (Kaspersky)

Country: [Unknown]

Sponsor: State-sponsored

Motivation: Information theft and espionage

First seen: 2007

Description: (Kaspersky) The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. The name “Mask” comes from the Spanish slang word “Careto” (“Ugly Face” or “Mask”) which the authors included in some of the malware modules.

More than 380 unique victims in 31 countries have been observed to date. What makes “The Mask” special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, 32- and 64-bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (Apple iOS).

Observed:
Sectors: Education, Energy, Government and Diplomatic missions.
Countries: Brazil, France, Germany, Iran, Libya, Morocco, Poland, South Africa, Spain, Switzerland, Tunisia, UK, USA, Venezuela.

Tools used: Careto.

Counter operations:
Feb 2014: At the moment, all known Careto C&C servers are offline. The attackers began taking them offline in January 2014. We were also able to sinkhole several C&C servers, which allowed us to gather statistics on the operation.
<https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/>

Information:
<https://d2538mqrb7brka.cloudfront.net/wp-content/uploads/sites/43/2018/03/20133638/unveilingthemask_v1.0.pdf>
<https://securelist.com/the-caretomask-apt-frequently-asked-questions/58254/>

Last change to this card: 16 May 2020

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
