Last week, Electronic Frontier Foundation (EFF) and Lookout had released a report on a malware dubbed “Dark Caracal” that had stolen a huge amount of data from thousands of victims, such as journalists, military personnel, lawyers, activists, financial institutions, and other such organisations or individuals.
It seems that these hackers — who were deemed to be Lebanese and related to the nation-state as the signal was traced back to Lebanon's General Directorate of General Security (GDGS) — had left all the stolen data online on an unprotected server.
"It's almost like thieves robbed the bank and forgot to lock the door where they stashed the money," said Mike Murray, Lookout's head of intelligence.
According to EFF Director of Cybersecurity Eva Galperin, they were only able to pinpoint the hacking campaign to such a precise location as the government building because of their “extraordinarily poor operational security."
The stolen data included passwords, documents, call records, texts, contact information, photos, and other sensitive data. In Lookout security researcher Michael Flossman’s words, it was “literally everything.”
The report said that based on available evidence, it is likely that GDGS is either associated with or directly supporting the attackers behind Dark Caracal.