The notorious Mask malware has infected 380 governments and businesses across 31 countries including the UK, according to Kaspersky Lab.
Kaspersky's Global Research and Analysis Team (Great) revealed that The Mask campaign infected numerous government institutions, diplomatic offices and embassies, energy, oil and gas companies, research institutions, private equity firms and activists with malware since it began in 2007.
The Mask malware was uncovered by Kaspersky researchers on 3 February. The researchers confirmed that The Mask campaign is able to bypass numerous security defence technologies, and is one of the most advanced hacking operations ever discovered.
"What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS)," read the blog post.
"The Mask also uses a customised attack against older Kaspersky Lab products in order to hide in the system. This puts it above Duqu in terms of sophistication, making The Mask one of the most advanced threats at the current time."
The research revealed that The Mask hackers infected machines using spear-phishing emails linking to malicious web addresses designed to look like subdomains of news outlets like The Guardian and the Washington Post.
"The Mask campaign we discovered relies on spear-phishing emails with links to a malicious website. The malicious website contains a number of exploits designed to infect the visitor, depending on his system configuration. Upon successful infection, the malicious website redirects the user to the benign website referenced in the email, which can be a YouTube movie or a news portal," explained the blog post.
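A defender's check for the lookalike hosts described above, as an added example that is not from the Kaspersky post: it flags URLs from mail or proxy logs whose hostname contains a news brand but whose registrable domain is not one the outlet owns. The brand allowlist, the short suffix list (a stand-in for the Public Suffix List) and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: brand keyword -> registrable domains the outlet really uses.
BRANDS = {
    "guardian": {"theguardian.com", "guardian.co.uk"},
    "washingtonpost": {"washingtonpost.com"},
}
# Assumption: a tiny stand-in for the Public Suffix List, enough for this sample.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.br", "co.ma"}


def registrable_domain(host):
    """Reduce a hostname to the domain its owner actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def lookalike_brand(url):
    """Return the impersonated brand keyword, or None if nothing looks off."""
    host = urlsplit(url).hostname
    if not host:
        return None
    domain = registrable_domain(host)
    # A host under any domain the outlets own is treated as legitimate.
    if any(domain in legit for legit in BRANDS.values()):
        return None
    for brand in BRANDS:
        # Brand name appears as a subdomain label of someone else's domain.
        if brand in host:
            return brand
    return None


def flag_urls(urls):
    """Return (url, brand) pairs for every URL that imitates a known outlet."""
    hits = [(u, lookalike_brand(u)) for u in urls]
    return [(u, b) for u, b in hits if b]


# Constructed sample input; .example hosts are reserved and not real indicators.
SAMPLE_URLS = [
    "http://www.theguardian.com/world",
    "http://guardian.news-portal.example/latest",
    "http://washingtonpost.dnsalias.example/article?id=1",
    "http://www.guardian.co.uk/uk",
    "http://www.youtube.com/watch",
]

if __name__ == "__main__":
    for url, brand in flag_urls(SAMPLE_URLS):
        print(f"suspicious: {url} imitates '{brand}'")
```

In production the suffix handling should come from the full Public Suffix List, since the two-label fallback misjudges hosts under suffixes that are not in the small set above.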
The Great team said they discerned the number of Mask victims after sinkholing several of the campaign's command-and-control servers. The researchers warned their estimate of 380 is a conservative one, and Mask hackers have likely compromised numerous other systems.
"Based on an identification algorithm we developed, we counted over 380 unique victims between over 1,000+ IPs," read the post. "However, considering that victim information has been collected only for some command-and-control servers and sinkholed hosts, the total number of affected countries and unique victims can be much higher."
The UK was revealed to be the third hardest-hit country, with Kaspersky detecting 109 Mask IP addresses. Brazil was the second most-infected country, accounting for 173 of the 1,000 Mask IP addresses. Morocco was the worst affected with Kaspersky detecting 383 Mask addresses.
The news is troubling as the Careto malware used by The Mask hackers is known to have several advanced capabilities. "The malware intercepts all the communication channels and collects the most vital information from the infected system," the blog post said.
"Detection is extremely difficult because of stealth rootkit capabilities. In addition to built-in functionalities, the operators of Careto can upload additional modules, which can perform any malicious task. Given the nature of the known victims, the impact is potentially very high."
The Kaspersky researchers said the complex nature of The Mask campaign indicates that the attacks may have been state sponsored.
Mask is one of many hack campaigns uncovered this year that are believed to be state sponsored. Security experts from CrowdStrike reported uncovering a sophisticated campaign targeting the energy industry, codenamed Energetic Bear, in January.