Back in 2014, researchers at Russian cybersecurity firm Kaspersky discovered malware infecting computers in Cuba. At first, they thought it was from a known group, but it turned out to be something far more advanced. They named the new group “Careto,” which means “ugly face” or “mask” in Spanish, after spotting the word in the malware code.
Though Kaspersky never publicly said who was behind Careto, former employees told TechCrunch that inside the company, it was widely believed the hackers worked for the Spanish government. “There was no doubt,” said one ex-employee, adding that Kaspersky had a strict policy not to name countries involved in hacking.
Careto’s malware was incredibly advanced for its time. It could steal sensitive data, including private messages, passwords, Skype calls, screenshots, and even listen in using a computer’s microphone — all without the user knowing. It targeted governments, energy companies, research groups, and even activists in 31 countries, including Cuba, Brazil, France, the UK, and Morocco.
Kaspersky’s researchers discovered the group after a Cuban government worker’s computer was infected. Cuba turned out to be Careto’s top target, which raised suspicion. At the time, Cuba was harboring members of the Basque separatist group ETA — a group Spain considered a terrorist organization. That gave Spain a strong reason to spy.
The malware also contained clues that hinted at Spanish origins. One part of the code included a Spanish curse word used only in Spain, not in other Spanish-speaking countries. Kaspersky’s original report even included images referencing Spain’s culture — like a bull, castanets, and Spain’s national colors.
Careto stopped all activity shortly after Kaspersky’s 2014 report went public. The hackers wiped their tracks completely — a rare and highly advanced move. But in 2024, Kaspersky announced that Careto had returned, targeting an unnamed organization in Latin America and another in Central Africa. The group’s new attacks were linked to earlier ones through similarities in tools, filenames, and hacking methods.
Despite these strong indicators, Kaspersky researchers still publicly avoid naming who’s responsible. “It’s likely a nation-state,” said Kaspersky expert Georgy Kucherin, “but technically, we can’t say who.”
One thing is clear: Careto’s operations were incredibly complex and well-executed. Compared to larger hacking groups from China or North Korea, Kucherin said, “Their attacks are a masterpiece.”
Source: TechCrunch