Dark Caracal, one of the most prolific cyber espionage campaigns, has been identified, according to researchers at Lookout and the Electronic Frontier Foundation.
The researchers say Dark Caracal is a nation-state campaign that has probably been operating from Lebanese government offices since 2012. EFF and Lookout published a joint report claiming that Dark Caracal has been harvesting personal information on targets associated with foreign military, government, defense contractors and academics.
Dark Caracal is the first campaign to primarily target mobile devices globally, and although the tools it uses are not particularly sophisticated, it has been running undetected for years.
The report has found 90 indicators of compromise, including phishing techniques and other social engineering tactics. The actors uploaded copycat apps, which looked exactly like the real versions of messaging apps such as WhatsApp and Plus Messenger, to gain full surveillance access.
Although some of the targets were U.S.-based, researchers have found no evidence that U.S. government officials were compromised.
To identify the actors behind the campaign, EFF and Lookout followed a digital trail left by the software, which led back to a Lebanese intelligence agency.
“Devices for testing and operating the campaign were traced back to a building belonging to the Lebanese General Directorate of General Security,” states the report. “Based on the available evidence, it is likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal.”