Criminal group "Careto" allegedly directed by Spanish government
China and Russia are not the only countries controlling cyber gangs. Former Kaspersky employees claim that the "Careto" gang is controlled by Spain.
Back in 2014, Kaspersky analysts were investigating suspicious network traffic that they initially thought belonged to known state-controlled groups. This was supported by the similar targets and phishing campaigns. However, it was not the “usual suspects” China, North Korea or Russia.
This is what former Kaspersky employees told TechCrunch magazine behind closed doors. According to them, it was a much more advanced IT operation that targeted the Cuban government, among others. After some time, they were able to attribute the network activities to a previously unknown Spanish-speaking cyber group, which they called “Careto”. The name comes from the colloquial Spanish word meaning “ugly face” or “mask”, which was found in the malware code.
Ex-Kaspersky employee: Spanish government pulled the strings
No one has yet officially and publicly assigned the “Careto” cyber gang to a specific government. However, the ex-Kaspersky analysts who first discovered the group were convinced that IT experts working on behalf of the Spanish government were behind the “Careto” espionage operation.
The “Careto” malware was very advanced for the time; Kaspersky categorized the group as one of the most advanced threats. It was able to steal sensitive data, including private conversations and keystrokes, from infected computers. The malware was used to break into government organizations and private companies. Kaspersky avoided publicly naming the masterminds behind “Careto”. Internally, however, IT researchers were already pointing the finger at the Spanish government.
Only a few state-controlled cyber groups from Western governments are known. TechCrunch mentions, for example, the Equation Group, which is commonly believed to be backed by the NSA, and the Lamberts Group, with suspected links to the CIA. In addition, there is the cyber gang Animal Farm, which is attributed to France and is said to be responsible for the Babar and Dino malware. Spain thus joins the small ranks of Western countries with state-organized cyberattackers.
As a rule, the focus is particularly on cyber gangs from states that have malicious intentions from a Western perspective. One example is the Lazarus gang from North Korea, which spies and procures foreign currency. The criminal organization Fancy Bear, which is coordinated by the Russian Secret Service, is also widely known – Microsoft proposed a naming scheme in 2023, according to which the group is now called “Forest Blizzard”. However, Western groups have not been given a namespace. It is known that, in addition to the USA, Israel and the United Kingdom also maintain such threat actors or advanced persistent threats (APTs).
(dmk)