Mysterious hacking group Careto was run by the Spanish government, sources say

Summary

More than a decade ago, researchers at antivirus company Kaspersky identified suspicious internet traffic of what they thought was a known government-backed group, based on similar targeting and its phishing techniques. Soon, the researchers realized they had found a much more advanced hacking operation that was targeting the Cuban government, among others. Eventually the researchers were able to attribute the network activity to a mysterious — and at the time completely unknown — Spanish-speaking hacking group that they called Careto, after the Spanish slang word (“ugly face” or “mask” in English), which they found buried within the malware’s code. Careto was never publicly linked to a specific government. But TechCrunch has now learned that the researchers who first discovered the group were convinced that Spanish government hackers were behind Careto’s espionage operations. When Kaspersky first revealed the existence of Careto in 2014, its researchers called the group “one of the most advanced threats at the moment,” with its stealthy malware capable of stealing highly sensitive data, including private conversations and keystrokes from the computers it compromised, much akin to powerful government spyware today. Careto’s malware was used to hack into government institutions and private companies around the world. Kaspersky avoided publicly blaming who it thought was behind Careto. But internally, according to several people who worked at Kaspersky at the time and had knowledge of the investigation, its researchers concluded that Careto was a hacking team working for the Spanish government. “There was no doubt of that, at least no reasonable [doubt],” one of the former employees told TechCrunch, who like other sources in this story agreed to speak on condition of anonymity to discuss sensitive matters. Careto is one of only a handful of Western government hacking groups that has ever been discussed in public, along with U.S. government units such as Equation Group...