Dark Caracal: Global Cyber Espionage Campaign Operators

Delaware, USA – January 19, 2018 – Yet another global cyber espionage campaign has come to light, one that was conducted for at least five years and affected thousands of victims in more than 20 countries. Researchers from Lookout and the Electronic Frontier Foundation published a detailed report on the operations of a cybercriminal group dubbed Dark Caracal. The cybercriminals targeted governments, enterprises, military contractors, journalists, and medical and educational institutions in North America, Europe, Asia and the Middle East. The main malware used for data theft was APT Pallas for Android, which helped attackers steal contact lists, telephone calls, data from various messengers, credentials and files stored on the devices. Researchers report hundreds of gigabytes of stolen data. Data was stolen not only from mobile devices: Dark Caracal also used the infamous FinFisher and Bandook RAT malware to attack other systems, as well as its own development, CrossRAT, for Windows, Linux and OSX systems. The malware was distributed via phishing messages in social networks and popular messengers.

Researchers believe that so far they have found only a small part of this group’s operations. They also assume that other cybercriminals used the Dark Caracal infrastructure for their own malicious operations.

The report contains over 90 indicators of compromise that will help your security team uncover signs of the attack. Also, you can leverage APT Framework for your SIEM, which will help you make the most effective use of available security tools to detect such threats.