NoGoolag
Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks - Black Hat CitizenLab / 2020

This briefing will take an in-depth look at the technical capabilities of mobile attacks that are being leveraged against real targets for the purpose of espionage. We will focus on Pegasus, a lawful intercept product, and the features and exploit chain it used. We will describe how we discovered and tracked the developer’s infrastructure prior to the attack, and how we later caught a sample of the elusive malcode being used against a prominent human rights defender.

#Pegasus #NSO #Spyware #CitizenLab #BlackHat #espionage #israel #exploit
A technical analysis of Pegasus for Android – Part 1 – https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/

A technical analysis of Pegasus for Android – Part 2 – https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/

A technical analysis of Pegasus for Android – Part 3 – https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/

#Pegasus #NSO #israel #Spyware #espionage #exploit
Stealth Soldier Backdoor Used in Targeted Espionage Attacks in North Africa - Check Point Research – June 2023

Check Point Research observed a wave of highly-targeted espionage attacks in Libya that utilize a new custom modular backdoor.
Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information.

The Stealth Soldier infrastructure has some overlaps with the infrastructure of The Eye on the Nile, which operated against Egyptian civilian society in 2019. This is the first possible re-appearance of this threat actor since then.

Phishing attacks using third-party applications against Egyptian civil society organizations - Amnesty International – 2019

#StealthSoldier #EyeOnTheNile
#Backdoor #espionage #malware #Egypt #Libya
Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research – June 2023

In early 2023, the Check Point Incident Response Team (CPIRT) investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.


#CamaroDragon #USB #Flashdrive #MustangPanda #LuminousMoth #espionage #malware #China #Asia
CID Lookout: Unsolicited Smartwatches Received by Mail > Department of the Army Criminal Investigation Division

Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and begun connecting to cell phones unprompted, gaining access to a myriad of user data.

These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords.

Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches.

#spyware #WristWatch
#USA #SmartWatch #espionage
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks – TheHackerNews - June 2023

The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.

The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda.

"The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land (LotL) techniques for lateral movement,"


Falcon Complete MDR Thwarts VANGUARD PANDA Tradecraft – CrowdStrike - June 2023

#VoltTyphoon #VanguarPanda #China #espionage #spyware #malware
Asylum Ambuscade: crimeware or cyberespionage? | WeLiveSecurity – June 2023

A curious case of a threat actor at the border between crimeware and cyberespionage

Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war. In this blogpost, we provide details about the early 2022 espionage campaign and about multiple cybercrime campaigns in 2022 and 2023.

#AsylumEmbuscade
#SunSeed #AHKBOT #EU #Ukraine #Russia #CyberEspionage #espionage
How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

This latest attack uses a unique trick: Microsoft says hackers stole a cryptographic key that let them generate their own authentication “tokens”—strings of information meant to prove a user’s identity—giving them free rein across dozens of Microsoft customer accounts.


#Storm0558 #China #Infosec
#espionage
US govt IT worker accused of leaking top secrets • The Register –

A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.
Abraham Lemma, 50, a Silver Springs, Maryland resident and a naturalized United States citizen who was born in Ethiopia, was detained on August 24 after allegedly sending classified US national defense information to an Ethiopian intelligence agent. He has worked in various American government agencies since 2019.

#US #Ethiopia #Espionage
eXotic Visit campaign: Tracing the footprints of Virtual Invaders | We Live Security

ESET researchers have discovered an active espionage campaign targeting Android users with apps primarily posing as messaging services. While these apps offer functional services as bait, they are bundled with open-source XploitSPY malware. We have named this campaign eXotic Visit and have tracked its activities from November 2021 through to the end of 2023. The targeted campaign has been distributing malicious Android apps through dedicated websites and, for some time, through the Google Play store as well.

Via @androidMalware
#Android #Espionage #XploitSPY #India #Pakistan
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities – LinkedIn

XAgent is a spyware targeting iOS devices, representing a mobile implant. Publicly attributed to the group APT28 (also known as Sofacy or Fancy Bear), XAgent is consistent with TTPs of targeting government entities, political organizations, and individuals of interest for cyber espionage purposes.

The XAgent iOS implant exhibits advanced functionalities for comprehensive data collection, exfiltration and potential remote control, aligning with APT28's objectives of gathering intelligence and maintaining persistent access to compromised systems.

Via @androidMalware
#iOS #XAgent #Spyware #Espionage #APT #APT28 #Sofacy #FancyBear