Uncle Sow: Dark Caracal in Latin America

In 2018, EFF, along with researchers from Lookout Security, published a report describing the Advanced Persistent Threat (APT) we dubbed “Dark Caracal.” Now we have uncovered a new Dark Caracal campaign operating since March of 2022, with hundreds of infections across more than a dozen countries. In this report we will present evidence that the cyber mercenary group Dark Caracal is still active and continues to be focused on Latin America, as was reported last year. We have discovered that Dark Caracal, using the Bandook spyware, is currently infecting over 700 computers in Central and South America, primarily in the Dominican Republic and Venezuela.

In our original 2018 report, we described a campaign targeting thousands of Lebanese citizens with several different malware families, including a brand new mobile remote access trojan we named Pallas and a Windows remote access trojan called Bandook. Through our research we were able to shut down the malware campaign and notify a number of the victims. Our Operation Manul report established that the actors behind the campaign were working with the governments of Lebanon and Kazakhstan. The variety of targets and the apparent involvement of multiple governments throughout the campaigns lead us to believe that Dark Caracal is a cyber-mercenary or hack-for-hire group. 

Since our original Dark Caracal report, there have been multiple reports on their continued activities. Check Point Research wrote about a campaign in 2020, and we have continued to follow the activities of Dark Caracal with our most recent report, also in 2020. Most recently, ESET wrote about Dark Caracal activities in Latin America in their report

This article has been indexed from Deeplinks
