While tracking these domains, Cooper Quintin discovered that the hackers were using the same servers to launch a new cyber campaign against various locations around the world. It soon became clear that Dark Caracal was behind this latest assault, and Cooper Quintin made contact with the FBI to report his findings.
The digital rights group Electronic Frontier Foundation (EFF) is warning that security researchers may have been hit by a cybercrime after forgetting to register one of the malware domains they were investigating. The domain name in question was listed in the malware’s code, but was later deleted. Researchers believe that this may have led to an attack against their systems, since the domain was an essential component of the malware’s functionality.
Quintin quickly realized that if he could register the domain and take control of it, he could get a real-time view into the hackers’ actions, and, more importantly, their targets. This would allow him to stop the hackers before they inflicted any more damage on innocent people.
Quintin’s infiltration of Dark Caracal’s hacking operation paid off in a big way. Late one night, he found an unprotected web server that was hosting the site’s source code. He quickly registered the domain and flooded it with phishing links, crashing the site and crippling Dark Caracal’s operations for good.
Quintin is relieved that the hackers haven’t caught on to his involvement yet. He has been stealthily monitoring their activities for months, and he’s almost certain that they aren’t aware of his presence. He’s curious to see how things will play out, but he’s also concerned about what could happen if the hackers find out who he is.
Travis is pleasantly surprised by the amount of information he has received from the support group. He had thought that he would only get a few days of information, but instead has received several months’ worth. This provides him with a great opportunity to learn more about his illness and how to best manage it.
Quintin is grateful that he was able to find the hackers’ target, and has begun working on a way to stop them before they cause any more damage. Quintin is also working on a way to warn other businesses in need of protection about the hackers’ methods.
As Quintin’s access continued, he began to piece together the Bandook malware’s purpose. The malware was designed to steal user browser credentials and financial information from websites visited by the infected computer. With this data, the thieves could gain access to bank accounts, credit cards and other sensitive information.
So instead, they used a neuralyzer to erase all memories of the inhabitants, including any personal data like names and faces. They also left Dark Caracal in charge of the domain with strict orders to never let anyone back inside—not even Quintin or his team.
The researchers said that they will not release any further information until they are certain the information is not going to harm more people who have been infected. The reason for this is because they do not want to scare other people away from getting the vaccine.
The decision to put a privacy policy on the sinkhole’s website was meant to protect the victims of the hacking campaign, as well as maintain their anonymity. The policy states that EFF will make its “best efforts” to anonymize any data collected by the sinkhole before publishing or sharing it, or within a certain time frame. This practice is intended to protect the victims from possible reprisal, and also ensures that their identities remain confidential.
The Dark Caracal spying campaign put Lebanon, Kazakhstan, and other unsuspecting countries at risk of international espionage and data breaches. The EFF reports that the hacking campaign was likely sponsored by the Lebanese government in an effort to gain intelligence on its enemies. Quintin and Galperin’s findings suggest that this is not a new tactic – instead it appears to be part of a broader trend of states using hacking campaigns as tools for surveillance and manipulation.
The researchers at the EFF have concluded that Dark Caracal is not a traditional government hacking group, but rather a group that governments and perhaps other organizations hire to hack whoever they are interested in. This conclusion is based on the fact that over the years, Dark Caracal has targeted different victims in different countries, indicating that they are not purely focused on attacking government targets.
The Dark Caracal cyberspace mercenary group is a shadowy operator, with ties to both Lebanon and Kazakhstan. They are believed to have worked for multiple nation states in the past, but their recent focus appears to be on Latin America. So far, they have been involved in operations in Venezuela and Colombia.
The EFF researchers believe that Dark Caracal is a sophisticated and dangerous cyberterrorist group that has targeted computers all over the world, most notably in Venezuela. Quintin alerted Matias Porolli, a researcher at ESET, about this recent campaign and Porolli determined that it is likely being run by the same group as the one ESET investigated in 2021. Porolli warns that Dark Caracal poses a significant threat to computer users everywhere and recommends vigilance against their attacks.
Some have alleged that the 2021 Caracal campaign was conducted by Dark Caracal, a ring of hackers with ties to Russian intelligence. While evidence linking Dark Caracal to the attack is slim, Bandook, a Remote Access Trojan (RAT) used in this particular campaign, bears similarities to malware previously linked to Dark Caracal. If confirmed, these findings suggest that Russia may be indirectly supporting Dark Caracal and its activities.
Porolli said that because the malware was originally designed for military use, it is possible that different groups could be using the malware for different purposes.
Cooper also believes that the hackers are probably not working for the Chinese government, as is often claimed by officials. He said, “This group of attackers does not fit into a PRC profile that I am familiar with,” instead suggesting that they work for themselves or for someone else with their own goals, such as financial gain or inflicting pain on specific targets.
Snipers have traditionally been very good at long-range shooting, due to the fact that they can keep their target in sight for a longer period of time than other combat rifle users. They use a variety of tools and techniques, including telescopic sights
The lower end doctors who use malware like NSO Group’s Pegasus are just as dangerous as the more well-known cyber threats, Quintin said. These malware makers are able to infect a lot of computers and create big campaigns, which demonstrates that they’re serious players in the cyber world.
With Quintin’s actions now public, Dark Caracal may realize that they have been infiltrated. They may try to cover up their tracks or take action to remove their adversaries from the equation.
If Quintin were the norm of online privacy advocates, he would be reading the EFF blog looking for his name. But instead, Quintin heads to darknetmarkets to purchase VPN services and browse the web anonymously. He believes that by utilizing anonymous techniques and networking tools, he can protect himself from businesses that may be interested in exploiting his personal information. And in doing so,
Mercenary hacking groups, such as Dark Caracal, have become a major issue for governments and companies around the world. These groups are notorious for their attacks against businesses and organizations, sometimes for financial gain, but often with the aim of causing disruption or chaos. Groups like Dark Caracal can be highly damaging to businesses and networks, but they are also difficult to detect and stop.