Dark Caracal APT – Lebanese intelligence is spying on targets[source: securityaffairs]

A new long-running player emerged in the cyber arena, it is the Dark Caracal APT, a hacking crew associated with to the Lebanese General Directorate of General Security that already conducted many stealth hacking campaigns.

Cyber spies belonging to Lebanese General Directorate of General Security are behind a number of stealth hacking campaigns that in the last six years, aimed to steal text messages, call logs, and files from journalists, military staff, corporations, and other targets in 21 countries worldwide.

New nation-state actors continue to improve offensive cyber capabilities and almost any state-sponsored group is able to conduct widespread multi-platform cyber-espionage campaigns.

This discovery confirms that the barrier to entry in the cyber-warfare arena has continued to
decrease and new players are becoming even more dangerous.

The news was reported in a detailed joint report published by security firm Lookout and digital civil rights group the Electronic Frontier Foundation.

The APT group was tracked as Dark Caracal by the researchers, its campaigns leverage a custom Android malware included in fake versions of secure messaging apps like Signal and WhatsApp.
“Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal2, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen
data includes enterprise intellectual property and personally identifiable information.” states the report.

The attack chain implemented by Dark Caracal relies primarily on social engineering, the hackers used messages sent to the victims via Facebook group and WhatsApp messages. At a high-level, the hackers have designed three different kinds of phishing messages to trick victims into visiting a compromised website, a typical watering hole attack.

For more, click here.

Share