A hacking campaign orchestrated from a building in Beirut has spent six years intercepting text messages, call logs and files belonging to journalists, military personnel, business executives and other targets in 21 countries.
To do this, the attackers use fake versions of popular applications such as WhatsApp or Signal.
The group calls itself Dark Caracal, and operates from a building owned by the Lebanese Security Directorate. It was discovered through the work of the security company Lookout and the civil rights group the Electronic Frontier Foundation (EFF).
The data stolen by the hackers even includes two-step authentication codes. According to the report, the attackers' malware can activate the smartphone's cameras and microphone to record or photograph whatever is around the device. Apart from its own malware, Dark Caracal uses spyware such as FinFisher, which is used by some governments and agencies.
“Dark Caracal has successfully carried out several simultaneous campaigns that we have evidence of, and that is only a small part of their total activity,” the EFF explains in its report.
Researchers tracked Dark Caracal's activity to the government building in Lebanon by monitoring the equipment the group used to test its malware. That equipment appeared to be concentrated in Beirut.
Everything indicates that Lebanon's intelligence agency in some way supports, or is responsible for, this new case of electronic espionage.
Judging by the infrastructure the group had in 2017, the EFF suspects that Dark Caracal has carried out six major campaigns over the years. The targets are highly varied: journalists, military personnel, doctors, professors, scientists and civilians of all kinds, such as ordinary business employees. The victims come from 21 countries, including the United States, Russia, China and India.
Access to text messages, browsing history, call logs and geolocation allows the Dark Caracal hackers to compose a very accurate portrait of a person's life. They are also known to have used Windows-based malware to take screenshots and copy files from desktops. Most of the malware-laden Android applications are delivered to users through fake Facebook and WhatsApp messages. The EFF report explains:
One of the most interesting details about this attack is that it does not require sophisticated tools or brute force. All it needs is for the users it spies on to grant it application permissions, something they already do when they install the malware-infected applications. The report shows how easy it can be for governments to spy on anyone, in their own country or in others.