During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, Kaspersky researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”.
The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007. Their targets are usually high-profile organizations, such as governments, diplomatic entities and research institutions. To infect them, The Mask uses complex implants, often delivered through zero-day exploits. The last time Kaspersky published their findings about The Mask was in early 2014, and since then, they have been unable to discover any further traces of this actor.
Read more…
Source: Kaspersky
Related:
- SonicWall blames state hackers for damaging data breach
November 6, 2025
SonicWall has blamed “state-sponsored threat actors” for the cloud backup security breach which hit its services in September 2025. In an update posted on the company’s website, SonicWall said it completed the investigation into the incident, and confirmed that the malicious activity was “carried out by a state-sponsored threat actor” and was “isolated to the unauthorized ...
- Malware-pwned laptop gifts cybercriminals Nikkei’s Slack
November 6, 2025
Japanese media behemoth Nikkei has admitted to a data breach after miscreants slipped into its internal Slack workspace, exposing the personal details of more than 17,000 employees and business partners.… The company blamed the intrusion on malware that infected an employee’s device, letting attackers pinch Slack credentials and waltz into its chat system. Once the suspicious ...
- Android malware steals your card details and PIN to make instant ATM withdrawals
November 6, 2025
The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically ...
- Washington Post says it is among victims of cyber breach tied to Oracle software
November 6, 2025
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software. In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.” The paper did not provide further detail, but its statement comes after CL0P, the notorious ...
- Italian political consultant says he was targeted with Paragon spyware
November 6, 2025
Francesco Nicodemo, a consultant who works with left-wing politicians in Italy, has gone public as the latest person targeted with Paragon spyware in the country. On Thursday, Nicodemo said in a Facebook post that for 10 months, he preferred not to publicize his case because he “did not want to be used for political propaganda,” ...
- When Your Calendar Becomes the Compromise
November 6, 2025
It starts innocently enough. A new meeting appears in your Google calendar and the subject seems ordinary, perhaps even urgent: “Security Update Briefing,” “Your Account Verification Meeting,” or “Important Notice Regarding Benefits.” You assume you missed this invitation in your overloaded email inbox, and click “Yes” to accept. Unfortunately, calendar invites have become an overlooked delivery ...