Researchers Discover Spyware Campaigns Operating From A Government Building In Lebanon
Something really interesting seems to be happening in Lebanon. According to new research by Lookout Security and the Electronic Frontier Foundation, there seems to be a string of spyware campaigns operating from a government building. The group behind it, dubbed ‘Dark Caracal’, is linked to various attacks on thousands of victims across 21 countries. Researchers seem to believe that there may be some sort of spyware-for-hire operation at play.
Unsophisticated Malware Behind All The Attacks?
The basic strategies are very similar to those of previous government-linked spyware. The data being siphoned from individuals’ phones includes phone records, chats, passwords, etc.: basically anything that describes who a person really is. The malware isn’t usually very sophisticated, but it targets information that people consider private, and the victims are not pleased with it.
When researchers got access to one of the servers being used by the group, they were able to trace it back to a government building in Lebanon. The researchers managed to find a lot of Wi-Fi network records on the server that were probably used to track people’s locations. Tracing spyware to a government building is extremely questionable; however, the researchers aren’t willing to attribute all this activity to one specific place.
The interesting thing is that a wide range of targets has been attacked with similar tools. The researchers tracked at least campaigns that were running in parallel but in very unlinked locations like Germany, Venezuela and Pakistan. There was a similar campaign back in 2015 in Kazakhstan. Now, why would the Lebanese government be responsible for such unlinked campaigns? It is very hard to believe.
Problem Is Bigger Than It Seems
It is believed that the group is part of a new kind of service. With this service, they take on contract jobs rather than selling the tools. According to Eva Galperin, a lead author on the report, “They’re running the infrastructure and selling the portals. Up until now, we had largely been looking at companies that sell spyware directly to nation states.”
If any of this is actually true, then it is definitely something to worry about. There is a possibility that this step would enable spyware programs in places that lack the resources to run them. More research is needed to determine exactly who is behind these campaigns. “This campaign is definitely based out of Lebanon,” says Galperin. “Otherwise, we have a lot of information about the infrastructure, but we don’t have a lot of information about who runs it.”