Talk:Dark Caracal

Definition
I believe the definition needs to be fixed. This article currently defines Dark Caracal as a "spyware system". However, the primary sources define it as an "actor" and/or a "malware espionage campaign" and most of the reliable secondary sources define it as either a "hacker group" or a "spyware campaign conducted by a hacker group".

Primary sources:

 * As the modern threat landscape has evolved, so have the actors. The barrier to entry for cyber-warfare has continued to decrease, which means new nation states — previously without significant offensive capabilities — are now able to build and deploy widespread multi-platform cyber-espionage campaigns. This report uncovers a prolific actor with nation-state level advanced persistent threat (APT) capabilities, who is exploiting targets globally across multiple platforms. The actor has been observed making use of desktop tooling, but has prioritized mobile devices as the primary attack vector. This is one of the first publicly documented mobile APT actors known to execute espionage on a global scale. Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut.
 * Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.
 * The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. [...] The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut.

Secondary sources:

 * Hackers allegedly working for the government of Lebanon stole hundreds of gigabytes from thousands of victims all over the world, and they did it using phishing, relatively simple custom-made malware with no fancy zero-day exploits, and using recycled infrastructure, according to a new report. [...] The researchers have dubbed the group Dark Caracal and they identified victims inside governments, militaries, utility companies, financial institutions, manufacturing companies and defense contractors going as far back as 2012. The researchers declined to give out more details about the targets. This makes them “the most globally active” government hacking group Lookout has seen to date, according to the firm’s researcher Michael Flossman.
 * The hackers have been dubbed Dark Caracal and, after mistakenly leaking digital clues, were traced back to a building belonging to the Lebanese General Security Directorate in Beirut, where the country's chief communications intelligence agency operates. The researchers claimed the group had stolen hundreds of gigabytes of data across more than 20 countries in North America, Europe, the Middle East and Asia, with at least 2,000 victims in total. Michael Flossman, security researcher at Lookout, told Forbes there are likely many thousands more infected with the group's various spywares for PCs and cellphones, noting he and his colleagues didn't have complete visibility of the Dark Caracal attacks.
 * There’s a string of spyware campaigns operating out of a government building in Lebanon, according to new research from Lookout Security and the Electronic Frontier Foundation. Dubbed “Dark Caracal,” the new group is linked to attacks on thousands of victims in more than 21 different countries, a range of targets so broad that researchers believe the campaign may represent a new kind of spyware for hire. [...] Galperin believes Caracal is part of a new kind of spyware service, one that contracts jobs by the target rather than selling tools outright. Seen through that lens, the Caracal attacks look like a single actor based in Lebanon taking on six jobs at once for a variety of buyers, a kind of digital spy for hire.
 * The hacking campaign exposed Thursday by EFF and Lookout — which they dub “Dark Caracal” — was discovered in the wake of an entirely different cyberespionage campaign targeting Kazakh journalists and lawyers.
 * Dubbed Dark Caracal, the advanced persistent threat (APT) campaign has managed to steal hundreds of gigabytes of data, including personal information and intellectual property, from more than 21 countries and thousands of victims, according to the 51-page report (PDF) released Thursday.
 * The threat, dubbed Dark Caracal by the researchers, looks as if it could come from a nation state and appears to use shared infrastructure linked to other nation-state hackers, the report said. [...] The researchers believe Dark Caracal has been operating since 2012 but it has been hard to track because of the diversity of seemingly unrelated espionage campaigns originating from the same domain names. Over the years Dark Caracal's work has been repeatedly misattributed to other cybercrime groups, the researchers said.
 * The state-backed hackers, dubbed “Dark Caracal” by the report’s authors - after a wild cat native to the Middle East - used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.

I propose that we change the definition from "spyware system" to something like "spyware campaign conducted by a hacker group". --Dodi 8238 (talk) 09:14, 20 January 2018 (UTC) [edited 11:10, 20 January 2018 (UTC)]

This secondary source also supports the idea that Dark Caracal refers to the campaign:

 * The campaign, discovered by the Electronic Frontier Foundation and the mobile security firm Lookout, is known as Dark Caracal and seems to be the work of nation state-funded hackers.

Because there have been no objections, I have now made the change myself. --Dodi 8238 (talk) 13:27, 21 January 2018 (UTC)