Behind the mysterious Careto hacker group was an unexpected agent: the Spanish government, according to TechCrunch.

This group was discovered in 2014 by the Russian company, which named it Careto after finding that term in the malware code. The word, a colloquial expression in Spanish that can be translated as “mask,” ended up giving name to a campaign that, according to Kaspersky, was notable for its complexity and breadth. The group reportedly deployed an arsenal of tools adapted to different platforms, including Windows, macOS, and Linux, as well as hints of versions for Android and iOS, although the latter were not technically confirmed.

One of the most sophisticated cyberespionage groups discovered by Kaspersky
Among the technical capabilities described by Kaspersky were the theft of encrypted documents, SSH keys, VPN configurations, keystroke logs, screenshots, and the interception of Skype conversations (now defunct) and network traffic. Their attacks were distributed via spear-phishing emails, simulating the websites of Spanish media outlets such as El País, El Mundo, and Público. One of the most striking clues the analysts identified was the string “Caguen1aMar,” a corruption of the expression “Me cago en la mar,” hidden in the malware code.