The Mask

  • First known sample

  • Discovery

  • Number of targets

  • Current status

    Inactive since 2014
  • Type

    Cyberespionage toolkit
  • Targeted platforms

    OS X, Windows
  • Top targeted countries

    Brazil, France, Iran, Libya, Morocco, Spain, Switzerland, Ukraine
  • Propagation method

    Social engineering
  • Purpose/Functions

  • Special features
    The attackers use a very complex toolset that includes an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS).
  • Targets

    Academia/Research, Activists, Diplomatic organizations/embassies, Government entities, Private companies
  • Artefacts/Attribution
    Clues such as the use of the Spanish language are weak attribution indicators, because Spanish is spoken in many places, including Latin America, Mexico and the USA (for instance in Miami, where a strong Spanish-speaking community exists).
  • Description

    A highly sophisticated threat actor involved in cyber-espionage campaigns from 2007 to 2014 and known for its advanced toolkit. This group targeted representatives of the government, diplomatic embassies, energy industry, and research institutions around the globe. Targets were infected via spear-phishing emails with links to a malicious website; once inside the system, all communications channels were intercepted, and detection was extremely difficult because of the toolkit’s stealth abilities.

    Additional information